int pr_auth_authorize(pool *p, const char *name) {
cmd_rec *cmd = NULL;
modret_t *mr = NULL;
module *m = NULL;
int res = PR_AUTH_OK;
cmd = make_cmd(p, 1, name);
if (auth_tab) {
/* Fetch the specific module to be used for authenticating this user. */
void *v = pr_table_get(auth_tab, name, NULL);
if (v) {
m = *((module **) v);
pr_trace_msg(trace_channel, 4,
"using module 'mod_%s.c' from authcache to authorize user '%s'",
m->name, name);
}
}
mr = dispatch_auth(cmd, "authorize", m ? &m : NULL);
/* Unlike the other auth calls, we assume here that unless the handlers
* explicitly return ERROR, the user is authorized. Thus HANDLED and
* DECLINED are both treated as "yes, this user is authorized". This
* handles the case where the authenticating module (e.g. mod_sql)
* does NOT provide an 'authorize' handler.
*/
if (MODRET_ISERROR(mr)) {
res = MODRET_ERROR(mr);
}
if (cmd->tmp_pool) {
destroy_pool(cmd->tmp_pool);
cmd->tmp_pool = NULL;
}
return res;
}
int pr_auth_requires_pass(pool *p, const char *name) {
cmd_rec *cmd;
modret_t *mr;
int res = TRUE;
cmd = make_cmd(p, 1, name);
mr = dispatch_auth(cmd, "requires_pass", NULL);
if (MODRET_ISHANDLED(mr))
res = FALSE;
else if (MODRET_ISERROR(mr))
res = MODRET_ERROR(mr);
if (cmd->tmp_pool) {
destroy_pool(cmd->tmp_pool);
cmd->tmp_pool = NULL;
}
return res;
}
int pr_parser_parse_file(pool *p, const char *path, config_rec *start,
int flags) {
pr_fh_t *fh;
struct stat st;
struct config_src *cs;
cmd_rec *cmd;
pool *tmp_pool;
char *buf, *report_path;
size_t bufsz;
if (path == NULL) {
errno = EINVAL;
return -1;
}
if (parser_servstack == NULL) {
errno = EPERM;
return -1;
}
tmp_pool = make_sub_pool(p ? p : permanent_pool);
pr_pool_tag(tmp_pool, "parser file pool");
report_path = (char *) path;
if (session.chroot_path) {
report_path = pdircat(tmp_pool, session.chroot_path, path, NULL);
}
if (!(flags & PR_PARSER_FL_DYNAMIC_CONFIG)) {
pr_trace_msg(trace_channel, 3, "parsing '%s' configuration", report_path);
}
fh = pr_fsio_open(path, O_RDONLY);
if (fh == NULL) {
int xerrno = errno;
destroy_pool(tmp_pool);
errno = xerrno;
return -1;
}
/* Stat the opened file to determine the optimal buffer size for IO. */
memset(&st, 0, sizeof(st));
if (pr_fsio_fstat(fh, &st) < 0) {
int xerrno = errno;
pr_fsio_close(fh);
destroy_pool(tmp_pool);
errno = xerrno;
return -1;
}
if (S_ISDIR(st.st_mode)) {
pr_fsio_close(fh);
destroy_pool(tmp_pool);
errno = EISDIR;
return -1;
}
/* Advise the platform that we will be only reading this file
* sequentially.
*/
pr_fs_fadvise(PR_FH_FD(fh), 0, 0, PR_FS_FADVISE_SEQUENTIAL);
/* Check for world-writable files (and later, files in world-writable
* directories).
*
* For now, just warn about these; later, we will be more draconian.
*/
if (st.st_mode & S_IWOTH) {
pr_log_pri(PR_LOG_WARNING, "warning: config file '%s' is world-writable",
path);
}
fh->fh_iosz = st.st_blksize;
/* Push the configuration information onto the stack of configuration
* sources.
*/
cs = add_config_source(fh);
if (start != NULL) {
(void) pr_parser_config_ctxt_push(start);
}
bufsz = PR_TUNABLE_PARSER_BUFFER_SIZE;
buf = pcalloc(tmp_pool, bufsz + 1);
while (pr_parser_read_line(buf, bufsz) != NULL) {
pr_signals_handle();
cmd = pr_parser_parse_line(tmp_pool, buf, 0);
if (cmd == NULL) {
continue;
}
if (cmd->argc) {
conftable *conftab;
char found = FALSE;
cmd->server = *parser_curr_server;
cmd->config = *parser_curr_config;
conftab = pr_stash_get_symbol2(PR_SYM_CONF, cmd->argv[0], NULL,
&cmd->stash_index, &cmd->stash_hash);
while (conftab != NULL) {
modret_t *mr;
pr_signals_handle();
cmd->argv[0] = conftab->directive;
pr_trace_msg(trace_channel, 7,
"dispatching directive '%s' to module mod_%s", conftab->directive,
conftab->m->name);
mr = pr_module_call(conftab->m, conftab->handler, cmd);
if (mr != NULL) {
if (MODRET_ISERROR(mr)) {
if (!(flags & PR_PARSER_FL_DYNAMIC_CONFIG)) {
pr_log_pri(PR_LOG_WARNING, "fatal: %s on line %u of '%s'",
MODRET_ERRMSG(mr), cs->cs_lineno, report_path);
destroy_pool(tmp_pool);
errno = EPERM;
return -1;
}
pr_log_pri(PR_LOG_WARNING, "warning: %s on line %u of '%s'",
MODRET_ERRMSG(mr), cs->cs_lineno, report_path);
}
}
if (!MODRET_ISDECLINED(mr)) {
found = TRUE;
}
conftab = pr_stash_get_symbol2(PR_SYM_CONF, cmd->argv[0], conftab,
&cmd->stash_index, &cmd->stash_hash);
}
if (cmd->tmp_pool) {
destroy_pool(cmd->tmp_pool);
}
if (found == FALSE) {
register unsigned int i;
char *name;
size_t namelen;
int non_ascii = FALSE;
/* I encountered a case where a particular configuration file had
* what APPEARED to be a valid directive, but the parser kept reporting
* that the directive was unknown. I now suspect that the file in
* question had embedded UTF8 characters (spaces, perhaps), which
* would appear as normal spaces in e.g. UTF8-aware editors/terminals,
* but which the parser would rightly refuse.
*
* So to indicate that this might be the case, check for any non-ASCII
* characters in the "unknown" directive name, and if found, log
* about them.
*/
name = cmd->argv[0];
namelen = strlen(name);
for (i = 0; i < namelen; i++) {
if (!isascii((int) name[i])) {
non_ascii = TRUE;
break;
}
}
if (!(flags & PR_PARSER_FL_DYNAMIC_CONFIG)) {
pr_log_pri(PR_LOG_WARNING, "fatal: unknown configuration directive "
"'%s' on line %u of '%s'", name, cs->cs_lineno, report_path);
if (non_ascii) {
pr_log_pri(PR_LOG_WARNING, "fatal: malformed directive name "
"'%s' (contains non-ASCII characters)", name);
} else {
array_header *directives, *similars;
directives = get_all_directives(tmp_pool);
similars = pr_str_get_similars(tmp_pool, name, directives, 0,
PR_STR_FL_IGNORE_CASE);
if (similars != NULL &&
similars->nelts > 0) {
unsigned int nelts;
const char **names, *msg;
names = similars->elts;
nelts = similars->nelts;
if (nelts > 4) {
nelts = 4;
}
msg = "fatal: Did you mean:";
if (nelts == 1) {
msg = pstrcat(tmp_pool, msg, " ", names[0], NULL);
} else {
for (i = 0; i < nelts; i++) {
msg = pstrcat(tmp_pool, msg, "\n ", names[i], NULL);
}
}
pr_log_pri(PR_LOG_WARNING, "%s", msg);
}
}
destroy_pool(tmp_pool);
errno = EPERM;
return -1;
}
pr_log_pri(PR_LOG_WARNING, "warning: unknown configuration directive "
"'%s' on line %u of '%s'", name, cs->cs_lineno, report_path);
if (non_ascii) {
pr_log_pri(PR_LOG_WARNING, "warning: malformed directive name "
"'%s' (contains non-ASCII characters)", name);
}
}
}
destroy_pool(cmd->pool);
memset(buf, '\0', bufsz);
}
/* Pop this configuration stream from the stack. */
remove_config_source();
pr_fsio_close(fh);
destroy_pool(tmp_pool);
return 0;
}
int pr_auth_check(pool *p, const char *cpw, const char *name, const char *pw) {
cmd_rec *cmd = NULL;
modret_t *mr = NULL;
module *m = NULL;
int res = PR_AUTH_BADPWD;
cmd = make_cmd(p, 3, cpw, name, pw);
/* First, check for any of the modules in the "authenticating only" list
* of modules. This is usually only mod_auth_pam, but other modules
* might also add themselves (e.g. mod_radius under certain conditions).
*/
if (auth_module_list) {
struct auth_module_elt *elt;
for (elt = (struct auth_module_elt *) auth_module_list->xas_list; elt;
elt = elt->next) {
m = pr_module_get(elt->name);
if (m) {
mr = dispatch_auth(cmd, "check", &m);
if (MODRET_ISHANDLED(mr)) {
pr_trace_msg(trace_channel, 4,
"module '%s' used for authenticating user '%s'", elt->name, name);
res = MODRET_HASDATA(mr) ? PR_AUTH_RFC2228_OK : PR_AUTH_OK;
if (cmd->tmp_pool) {
destroy_pool(cmd->tmp_pool);
cmd->tmp_pool = NULL;
}
return res;
}
if (MODRET_ISERROR(mr)) {
res = MODRET_ERROR(mr);
if (cmd->tmp_pool) {
destroy_pool(cmd->tmp_pool);
cmd->tmp_pool = NULL;
}
return res;
}
m = NULL;
}
}
}
if (auth_tab) {
/* Fetch the specific module to be used for authenticating this user. */
void *v = pr_table_get(auth_tab, name, NULL);
if (v) {
m = *((module **) v);
pr_trace_msg(trace_channel, 4,
"using module 'mod_%s.c' from authcache to authenticate user '%s'",
m->name, name);
}
}
mr = dispatch_auth(cmd, "check", m ? &m : NULL);
if (MODRET_ISHANDLED(mr))
res = MODRET_HASDATA(mr) ? PR_AUTH_RFC2228_OK : PR_AUTH_OK;
if (cmd->tmp_pool) {
destroy_pool(cmd->tmp_pool);
cmd->tmp_pool = NULL;
}
return res;
}
static modret_t *dispatch_auth(cmd_rec *cmd, char *match, module **m) {
authtable *start_tab = NULL, *iter_tab = NULL;
modret_t *mr = NULL;
start_tab = pr_stash_get_symbol(PR_SYM_AUTH, match, NULL,
&cmd->stash_index);
iter_tab = start_tab;
while (iter_tab) {
pr_signals_handle();
if (m && *m && *m != iter_tab->m) {
goto next;
}
pr_trace_msg(trace_channel, 6,
"dispatching auth request \"%s\" to module mod_%s",
match, iter_tab->m->name);
mr = pr_module_call(iter_tab->m, iter_tab->handler, cmd);
/* Return a pointer, if requested, to the module which answered the
* auth request. This is used, for example, by auth_getpwnam() for
* associating the answering auth module with the data looked up.
*/
if (iter_tab->auth_flags & PR_AUTH_FL_REQUIRED) {
pr_trace_msg(trace_channel, 6,
"\"%s\" response from module mod_%s is authoritative", match,
iter_tab->m->name);
if (m) {
*m = iter_tab->m;
}
break;
}
if (MODRET_ISHANDLED(mr) ||
MODRET_ISERROR(mr)) {
if (m) {
*m = iter_tab->m;
}
break;
}
next:
iter_tab = pr_stash_get_symbol(PR_SYM_AUTH, match, iter_tab,
&cmd->stash_index);
if (iter_tab == start_tab) {
/* We have looped back to the start. Break out now and do not loop
* around again (and again, and again...)
*/
mr = PR_DECLINED(cmd);
break;
}
}
return mr;
}
int pr_parser_parse_file(pool *p, const char *path, config_rec *start,
int flags) {
pr_fh_t *fh;
struct stat st;
struct config_src *cs;
cmd_rec *cmd;
pool *tmp_pool;
char *report_path;
if (path == NULL) {
errno = EINVAL;
return -1;
}
tmp_pool = make_sub_pool(p ? p : permanent_pool);
pr_pool_tag(tmp_pool, "parser file pool");
report_path = (char *) path;
if (session.chroot_path)
report_path = pdircat(tmp_pool, session.chroot_path, path, NULL);
if (!(flags & PR_PARSER_FL_DYNAMIC_CONFIG))
pr_trace_msg(trace_channel, 3, "parsing '%s' configuration", report_path);
fh = pr_fsio_open(path, O_RDONLY);
if (fh == NULL) {
int xerrno = errno;
destroy_pool(tmp_pool);
errno = xerrno;
return -1;
}
/* Stat the opened file to determine the optimal buffer size for IO. */
memset(&st, 0, sizeof(st));
if (pr_fsio_fstat(fh, &st) < 0) {
int xerrno = errno;
pr_fsio_close(fh);
destroy_pool(tmp_pool);
errno = xerrno;
return -1;
}
if (S_ISDIR(st.st_mode)) {
pr_fsio_close(fh);
destroy_pool(tmp_pool);
errno = EISDIR;
return -1;
}
/* Check for world-writable files (and later, files in world-writable
* directories).
*
* For now, just warn about these; later, we will be more draconian.
*/
if (st.st_mode & S_IWOTH) {
pr_log_pri(PR_LOG_WARNING, "warning: config file '%s' is world-writable",
path);
}
fh->fh_iosz = st.st_blksize;
/* Push the configuration information onto the stack of configuration
* sources.
*/
cs = add_config_source(fh);
if (start)
add_config_ctxt(start);
while ((cmd = pr_parser_parse_line(tmp_pool)) != NULL) {
pr_signals_handle();
if (cmd->argc) {
conftable *conftab;
char found = FALSE;
cmd->server = *parser_curr_server;
cmd->config = *parser_curr_config;
conftab = pr_stash_get_symbol2(PR_SYM_CONF, cmd->argv[0], NULL,
&cmd->stash_index, &cmd->stash_hash);
while (conftab) {
modret_t *mr;
pr_signals_handle();
cmd->argv[0] = conftab->directive;
pr_trace_msg(trace_channel, 7,
"dispatching directive '%s' to module mod_%s", conftab->directive,
conftab->m->name);
mr = pr_module_call(conftab->m, conftab->handler, cmd);
if (mr != NULL) {
if (MODRET_ISERROR(mr)) {
if (!(flags & PR_PARSER_FL_DYNAMIC_CONFIG)) {
pr_log_pri(PR_LOG_WARNING, "fatal: %s on line %u of '%s'",
MODRET_ERRMSG(mr), cs->cs_lineno, report_path);
exit(1);
} else {
pr_log_pri(PR_LOG_WARNING, "warning: %s on line %u of '%s'",
MODRET_ERRMSG(mr), cs->cs_lineno, report_path);
}
}
}
if (!MODRET_ISDECLINED(mr)) {
found = TRUE;
}
conftab = pr_stash_get_symbol2(PR_SYM_CONF, cmd->argv[0], conftab,
&cmd->stash_index, &cmd->stash_hash);
}
if (cmd->tmp_pool)
destroy_pool(cmd->tmp_pool);
if (!found) {
if (!(flags & PR_PARSER_FL_DYNAMIC_CONFIG)) {
pr_log_pri(PR_LOG_WARNING, "fatal: unknown configuration directive "
"'%s' on line %u of '%s'", cmd->argv[0], cs->cs_lineno,
report_path);
exit(1);
} else {
pr_log_pri(PR_LOG_WARNING, "warning: unknown configuration directive "
"'%s' on line %u of '%s'", cmd->argv[0], cs->cs_lineno,
report_path);
}
}
}
destroy_pool(cmd->pool);
}
/* Pop this configuration stream from the stack. */
remove_config_source();
pr_fsio_close(fh);
destroy_pool(tmp_pool);
return 0;
}
static array_header *sqltab_fetch_clients_cb(wrap2_table_t *sqltab,
const char *name) {
pool *tmp_pool = NULL;
cmdtable *sql_cmdtab = NULL;
cmd_rec *sql_cmd = NULL;
modret_t *sql_res = NULL;
array_header *sql_data = NULL;
char *query = NULL, **vals = NULL;
array_header *clients_list = NULL;
/* Allocate a temporary pool for the duration of this read. */
tmp_pool = make_sub_pool(sqltab->tab_pool);
query = ((char **) sqltab->tab_data)[0];
/* Find the cmdtable for the sql_lookup command. */
sql_cmdtab = pr_stash_get_symbol(PR_SYM_HOOK, "sql_lookup", NULL, NULL);
if (sql_cmdtab == NULL) {
wrap2_log("error: unable to find SQL hook symbol 'sql_lookup'");
destroy_pool(tmp_pool);
return NULL;
}
/* Prepare the SELECT query. */
sql_cmd = sql_cmd_create(tmp_pool, 3, "sql_lookup", query, name);
/* Call the handler. */
sql_res = call_module(sql_cmdtab->m, sql_cmdtab->handler, sql_cmd);
/* Check the results. */
if (!sql_res) {
wrap2_log("NamedQuery '%s' returned no data", query);
destroy_pool(tmp_pool);
return NULL;
}
if (MODRET_ISERROR(sql_res)) {
wrap2_log("error processing NamedQuery '%s'", query);
destroy_pool(tmp_pool);
return NULL;
}
/* Construct a single string, concatenating the returned client tokens
* together.
*/
sql_data = (array_header *) sql_res->data;
vals = (char **) sql_data->elts;
if (sql_data->nelts < 1) {
wrap2_log("NamedQuery '%s' returned no data", query);
destroy_pool(tmp_pool);
return NULL;
}
clients_list = make_array(sqltab->tab_pool, sql_data->nelts, sizeof(char *));
*((char **) push_array(clients_list)) = pstrdup(sqltab->tab_pool, vals[0]);
if (sql_data->nelts > 1) {
register unsigned int i = 0;
for (i = 1; i < sql_data->nelts; i++) {
*((char **) push_array(clients_list)) = pstrdup(sqltab->tab_pool,
vals[i]);
}
}
destroy_pool(tmp_pool);
return clients_list;
}
static array_header *get_sql_filters(pool *p, const char *query_name) {
register unsigned int i;
cmdtable *sql_cmdtab = NULL;
cmd_rec *sql_cmd = NULL;
modret_t *sql_res = NULL;
array_header *sql_data = NULL;
const char **values = NULL;
array_header *sql_filters = NULL;
sql_cmdtab = pr_stash_get_symbol2(PR_SYM_HOOK, "sql_lookup", NULL, NULL,
NULL);
if (sql_cmdtab == NULL) {
(void) pr_log_writefile(geoip_logfd, MOD_GEOIP_VERSION,
"unable to execute SQLNamedQuery '%s': mod_sql not loaded", query_name);
errno = EPERM;
return NULL;
}
sql_cmd = pr_cmd_alloc(p, 2, "sql_lookup", query_name);
sql_res = pr_module_call(sql_cmdtab->m, sql_cmdtab->handler, sql_cmd);
if (sql_res == NULL ||
MODRET_ISERROR(sql_res)) {
(void) pr_log_writefile(geoip_logfd, MOD_GEOIP_VERSION,
"error processing SQLNamedQuery '%s'; check mod_sql logs for details",
query_name);
errno = EPERM;
return NULL;
}
sql_data = sql_res->data;
pr_trace_msg(trace_channel, 9, "SQLNamedQuery '%s' returned item count %d",
query_name, sql_data->nelts);
if (sql_data->nelts == 0) {
(void) pr_log_writefile(geoip_logfd, MOD_GEOIP_VERSION,
"SQLNamedQuery '%s' returned no values", query_name);
errno = ENOENT;
return NULL;
}
if (sql_data->nelts % 2 == 1) {
(void) pr_log_writefile(geoip_logfd, MOD_GEOIP_VERSION,
"SQLNamedQuery '%s' returned odd number of values (%d), "
"expected even number", query_name, sql_data->nelts);
errno = EINVAL;
return NULL;
}
values = sql_data->elts;
sql_filters = make_array(p, 0, sizeof(struct geoip_filter));
for (i = 0; i < sql_data->nelts; i += 2) {
const char *filter_name, *pattern = NULL;
struct geoip_filter *filter;
filter_name = values[i];
pattern = values[i+1];
filter = make_filter(p, filter_name, pattern);
if (filter == NULL) {
pr_trace_msg(trace_channel, 3, "unable to use '%s %s' as filter: %s",
filter_name, pattern, strerror(errno));
continue;
}
*((struct geoip_filter **) push_array(sql_filters)) = filter;
}
return sql_filters;
}