Beispiel #1
0
MODRET authfile_chkpass(cmd_rec *cmd) {
  const char *ciphertxt_pass = cmd->argv[0];
  const char *cleartxt_pass = cmd->argv[2];
  char *crypted_pass = NULL;
  size_t ciphertxt_passlen = 0;
  int xerrno;

  if (ciphertxt_pass == NULL) {
    pr_log_debug(DEBUG2, MOD_AUTH_FILE_VERSION
      ": missing ciphertext password for comparison");
    return PR_DECLINED(cmd);
  }

  if (cleartxt_pass == NULL) {
    pr_log_debug(DEBUG2, MOD_AUTH_FILE_VERSION
      ": missing client-provided password for comparison");
    return PR_DECLINED(cmd);
  }

  /* Even though the AuthUserFile is not used here, there must be one
   * configured before this function should attempt to check the password.
   * Otherwise, it could be checking a password retrieved by some other
   * auth module.
   */
  if (af_user_file == NULL) {
    return PR_DECLINED(cmd);
  }

  crypted_pass = crypt(cleartxt_pass, ciphertxt_pass);
  xerrno = errno;

  ciphertxt_passlen = strlen(ciphertxt_pass);
  if (handle_empty_salt == TRUE &&
      ciphertxt_passlen == 0) {
    crypted_pass = "";
  }

  if (crypted_pass == NULL) {
    const char *user;

    user = cmd->argv[1];
    pr_log_debug(DEBUG0, MOD_AUTH_FILE_VERSION
      ": error using crypt(3) for user '%s': %s", user, strerror(xerrno));

    if (ciphertxt_passlen > 0 &&
        (xerrno == EINVAL ||
         xerrno == EPERM)) {
      check_unsupported_algo(user, ciphertxt_pass, ciphertxt_passlen);
    }

    return PR_DECLINED(cmd);
  }

  if (strcmp(crypted_pass, ciphertxt_pass) == 0) {
    session.auth_mech = "mod_auth_file.c";
    return PR_HANDLED(cmd);
  }  

  return PR_DECLINED(cmd);
}
Beispiel #2
0
MODRET authfile_setpwent(cmd_rec *cmd) {
  if (af_setpwent(cmd->tmp_pool) == 0) {
    return PR_DECLINED(cmd);
  }

  return PR_DECLINED(cmd);
}
Beispiel #3
0
MODRET authfile_auth(cmd_rec *cmd) {
  char *tmp = NULL, *cleartxt_pass = NULL;
  const char *name = cmd->argv[0];

  if (af_setpwent() < 0)
    return PR_DECLINED(cmd);

  /* Lookup the cleartxt password for this user. */
  tmp = af_getpwpass(name);
  if (tmp == NULL) {

    /* For now, return DECLINED.  Ideally, we could stash an auth module
     * identifier in the session structure, so that all auth modules could
     * coordinate/use their methods as long as they matched the auth module
     * used.
     */
    return PR_DECLINED(cmd);

#if 0
    /* When the above is implemented, and if the user being checked was
     * provided by mod_auth_file, we'd return this.
     */
    return PR_ERROR_INT(cmd, PR_AUTH_NOPWD);
#endif
  }

  cleartxt_pass = pstrdup(cmd->tmp_pool, tmp);

  if (pr_auth_check(cmd->tmp_pool, cleartxt_pass, name, cmd->argv[1]))
    return PR_ERROR_INT(cmd, PR_AUTH_BADPWD);

  session.auth_mech = "mod_auth_file.c";
  return PR_HANDLED(cmd);
}
Beispiel #4
0
MODRET authfile_setgrent(cmd_rec *cmd) {
  if (af_setgrent() == 0) {
    return PR_DECLINED(cmd);
  }

  return PR_DECLINED(cmd);
}
Beispiel #5
0
MODRET authfile_uid2name(cmd_rec *cmd) {
  struct passwd *pwd = NULL;

  if (af_setpwent() < 0)
    return PR_DECLINED(cmd);

  pwd = af_getpwuid(*((uid_t *) cmd->argv[0]));

  return pwd ? mod_create_data(cmd, pwd->pw_name) : PR_DECLINED(cmd);
}
Beispiel #6
0
MODRET authfile_gid2name(cmd_rec *cmd) {
  struct group *grp = NULL;

  if (af_setgrent() < 0)
    return PR_DECLINED(cmd);

  grp = af_getgrgid(*((gid_t *) cmd->argv[0]));

  return grp ? mod_create_data(cmd, grp->gr_name) : PR_DECLINED(cmd);
}
Beispiel #7
0
MODRET authfile_name2uid(cmd_rec *cmd) {
  struct passwd *pwd = NULL;

  if (af_setpwent() < 0)
    return PR_DECLINED(cmd);

  pwd = af_getpwnam(cmd->argv[0]);

  return pwd ? mod_create_data(cmd, (void *) &pwd->pw_uid) : PR_DECLINED(cmd);
}
Beispiel #8
0
MODRET authfile_name2gid(cmd_rec *cmd) {
  struct group *grp = NULL;

  if (af_setgrent() < 0)
    return PR_DECLINED(cmd);

  grp = af_getgrnam(cmd->argv[0]);

  return grp ? mod_create_data(cmd, (void *) &grp->gr_gid) : PR_DECLINED(cmd);
}
Beispiel #9
0
MODRET lmd_deny_blacklist_post_pass(cmd_rec *cmd) {
    /*
      mod_authを通過するまでは session.userは空の様子
      const char *account  = session.user;
    */
    const char *account   = NULL;
    const char *remote_ip = NULL;

    /* return IP unless found hostname */
    account = get_param_ptr(cmd->server->conf, "UserName", FALSE);
    remote_ip = pr_netaddr_get_ipstr(pr_netaddr_get_sess_remote_addr());

    if(false == is_set_server) {
        pr_log_auth(PR_LOG_WARNING, "%s: memcached_server not set", MODULE_NAME);
        lmd_cleanup();
        return PR_DECLINED(cmd);
    }

    if(is_allowed_user(cmd, account) == true) {
        pr_log_auth(PR_LOG_NOTICE,
           "%s: '%s' is allowed to login. skip last process", MODULE_NAME, account);
        lmd_cleanup();
        return PR_DECLINED(cmd);
    }

    /* allow explicily */
    if(is_allowed(cmd, session.c->remote_addr) == true) {
        return PR_DECLINED(cmd);
    }

    /* check whether account is registerd in blacklist or not */
    if(is_cache_exits(memcached_deny_blacklist_mmc, account) == true) {
        pr_log_auth(PR_LOG_NOTICE,
            "%s: denied '%s@%s'. Account found in blacklist(memcached)",
                 MODULE_NAME, account, remote_ip);
        pr_response_send(R_530, _("Login denied temporary (Account found in blacklist)"));
        end_login(0);
    }

    /* check whether remote IP is registerd in blacklist or not */
    if(is_cache_exits(memcached_deny_blacklist_mmc, remote_ip) == true) {
        pr_log_auth(PR_LOG_NOTICE,
            "%s: denied '%s@%s'. IP found in blacklist(memcached)",
                 MODULE_NAME, account, remote_ip);
        pr_response_send(R_530, _("Login denied temporary (IP found in blacklist)"));
        end_login(0);
    }

    pr_log_debug(DEBUG2,
            "%s: not found in blaclist. '%s@%s' is allowed to Login",
                 MODULE_NAME, account, remote_ip);

    lmd_cleanup();
    return PR_DECLINED(cmd);
}
Beispiel #10
0
MODRET authfile_getgrgid(cmd_rec *cmd) {
  struct group *grp = NULL;
  gid_t gid = *((gid_t *) cmd->argv[0]);

  if (af_setgrent() < 0)
    return PR_DECLINED(cmd);

  grp = af_getgrgid(gid);

  return grp ? mod_create_data(cmd, grp) : PR_DECLINED(cmd);
}
Beispiel #11
0
MODRET authfile_getpwuid(cmd_rec *cmd) {
  struct passwd *pwd = NULL;
  uid_t uid = *((uid_t *) cmd->argv[0]);

  if (af_setpwent() < 0)
    return PR_DECLINED(cmd);

  pwd = af_getpwuid(uid);

  return pwd ? mod_create_data(cmd, pwd) : PR_DECLINED(cmd);
}
Beispiel #12
0
MODRET copy_log_site(cmd_rec *cmd) {
  if (copy_engine == FALSE) {
    return PR_DECLINED(cmd);
  }

  if (cmd->argc < 3 ||
      strncasecmp(cmd->argv[1], "CPTO", 5) != 0) {
    return PR_DECLINED(cmd);
  }

  /* Delete the stashed CPFR path from the session.notes table. */
  (void) pr_table_remove(session.notes, "mod_copy.cpfr-path", NULL);

  return PR_DECLINED(cmd);
}
Beispiel #13
0
MODRET counter_writer_done(cmd_rec *cmd) {
  pr_fh_t *fh;

  if (counter_engine == FALSE) {
    return PR_DECLINED(cmd);
  }

  if (!(counter_pending & COUNTER_HAVE_WRITER)) {
    return PR_DECLINED(cmd);
  }

  fh = counter_get_fh(cmd->tmp_pool, counter_curr_path);
  if (fh == NULL) {
    (void) pr_log_writefile(counter_logfd, MOD_COUNTER_VERSION,
      "%s: no CounterFile found for path '%s'", (char *) cmd->argv[0],
      counter_curr_path);

    /* No CounterFile configured/available for this path. */
    return PR_DECLINED(cmd);
  }

  if (counter_curr_semid == -1) {
    counter_curr_semid = counter_get_sem(fh, counter_curr_path);
    if (counter_curr_semid < 0) {
      (void) pr_log_writefile(counter_logfd, MOD_COUNTER_VERSION,
        "unable to get semaphore for '%s': %s", counter_curr_path,
        strerror(errno));
      return PR_DECLINED(cmd);
    }
  }

  if (counter_remove_writer(fh, counter_curr_semid) < 0) {
    (void) pr_log_writefile(counter_logfd, MOD_COUNTER_VERSION,
      "error removing writer for '%s': %s", counter_curr_path,
      strerror(errno));

  } else {
    (void) pr_log_writefile(counter_logfd, MOD_COUNTER_VERSION,
      "removed writer counter for '%s' (semaphore ID %d)", counter_curr_path,
      counter_curr_semid);

    counter_curr_path = NULL;
    counter_curr_semid = -1;
    counter_pending &= ~COUNTER_HAVE_WRITER;
  }

  return PR_DECLINED(cmd);
}
Beispiel #14
0
MODRET authfile_getpwent(cmd_rec *cmd) {
  struct passwd *pwd = NULL;

  pwd = af_getpwent();

  return pwd ? mod_create_data(cmd, pwd) : PR_DECLINED(cmd);
}
Beispiel #15
0
MODRET memcache_post_host(cmd_rec *cmd) {

  /* If the HOST command changed the main_server pointer, reinitialize
   * ourselves.
   */
  if (session.prev_server != NULL) {
    int res;
    config_rec *c;

    pr_event_unregister(&memcache_module, "core.exit", mcache_exit_ev);
    (void) close(memcache_logfd);

    c = find_config(session.prev_server->conf, CONF_PARAM, "MemcacheServers",
      FALSE);
    if (c != NULL) {
      memcached_server_st *memcache_servers;

      memcache_servers = c->argv[0];
      memcache_set_servers(memcache_servers);
    }

    /* XXX Restore other memcache settings? */

    res = mcache_sess_init();
    if (res < 0) {
      pr_session_disconnect(&memcache_module,
        PR_SESS_DISCONNECT_SESSION_INIT_FAILED, NULL);
    }
  }

  return PR_DECLINED(cmd);
}
Beispiel #16
0
MODRET pw_auth(cmd_rec *cmd) {
  time_t now;
  char *cpw;
  time_t lstchg = -1, max = -1, inact = -1, disable = -1;
  const char *name;

  name = cmd->argv[0];
  time(&now);

  cpw = _get_pw_info(cmd->tmp_pool, name, &lstchg, NULL, &max, NULL, &inact,
    &disable);

  if (!cpw)
    return PR_DECLINED(cmd);

  if (pr_auth_check(cmd->tmp_pool, cpw, cmd->argv[0], cmd->argv[1]))
    return PR_ERROR_INT(cmd, PR_AUTH_BADPWD);

  if (lstchg > (time_t) 0 &&
      max > (time_t) 0 &&
      inact > (time_t)0)
    if (now > lstchg + max + inact)
      return PR_ERROR_INT(cmd, PR_AUTH_AGEPWD);

  if (disable > (time_t) 0 &&
      now > disable)
    return PR_ERROR_INT(cmd, PR_AUTH_DISABLEDPWD);

  session.auth_mech = "mod_auth_unix.c";
  return PR_HANDLED(cmd);
}
Beispiel #17
0
MODRET authfile_getgrent(cmd_rec *cmd) {
  struct group *grp = NULL;

  grp = af_getgrent();

  return grp ? mod_create_data(cmd, grp) : PR_DECLINED(cmd);
}
Beispiel #18
0
MODRET limit_login_post_pass(cmd_rec *cmd) {
    /*
     * PASSを通過すると cmd->server->conf にユーザー名が入る様子
     * get_param_ptr()で取れる
     */
    char *user = get_param_ptr(cmd->server->conf, "UserName", FALSE);
    if(!user) {
        pr_log_auth(PR_LOG_NOTICE, "User unknown. Something Wrong");
        pr_response_send(R_530, _("Login incorrect."));
        end_login(0);
    }

    int dummy;
    if(session.dir_config &&
       session.dir_config->subset &&
       !login_check_limits(session.dir_config->subset, FALSE, TRUE ,&dummy)) {
            remove_config(cmd->server->conf, C_USER, FALSE);
            remove_config(cmd->server->conf, C_PASS, FALSE);
            pr_log_auth(PR_LOG_NOTICE, "%s: Limit access denies login.", user);
            pr_response_send(R_530, _("Login Denied."));
            end_login(0);
    }

    pr_log_debug(DEBUG5, "%s: ok login_check_limits() post PASS", user);
    return PR_DECLINED(cmd);
}
Beispiel #19
0
MODRET copy_post_pass(cmd_rec *cmd) {
  config_rec *c;

  if (copy_engine == FALSE) {
    return PR_DECLINED(cmd);
  }

  /* The CopyEngine directive may have been changed for this user by
   * e.g. mod_ifsession, thus we check again.
   */
  c = find_config(main_server->conf, CONF_PARAM, "CopyEngine", FALSE);
  if (c != NULL) {
    copy_engine = *((int *) c->argv[0]);
  }

  return PR_DECLINED(cmd);
}
Beispiel #20
0
MODRET authfile_getgrnam(cmd_rec *cmd) {
  struct group *grp = NULL;
  const char *name = cmd->argv[0];

  if (af_setgrent() < 0)
    return PR_DECLINED(cmd);

  while ((grp = af_getgrent()) != NULL) {
    if (strcmp(name, grp->gr_name) == 0) {

      /* Found the name requested */
      break;
    }
  }

  return grp ? mod_create_data(cmd, grp) : PR_DECLINED(cmd);
}
Beispiel #21
0
MODRET sftppam_auth(cmd_rec *cmd) {
  if (!sftppam_handle_auth) {
    return PR_DECLINED(cmd);
  }

  if (sftppam_auth_code != PR_AUTH_OK) {
    if (sftppam_authoritative) {
      return PR_ERROR_INT(cmd, sftppam_auth_code);
    }

    return PR_DECLINED(cmd);
  }

  session.auth_mech = "mod_sftp_pam.c";
  pr_event_register(&sftp_pam_module, "core.exit", sftppam_exit_ev, NULL);
  return PR_HANDLED(cmd);
}
Beispiel #22
0
MODRET pw_endgrent(cmd_rec *cmd) {
  if (persistent_passwd)
    p_endgrent();

  else
    endgrent();

  return PR_DECLINED(cmd);
}
Beispiel #23
0
MODRET pw_setpwent(cmd_rec *cmd) {
  if (persistent_passwd)
    p_setpwent();

  else
    setpwent();

  return PR_DECLINED(cmd);
}
Beispiel #24
0
MODRET authfile_getpwnam(cmd_rec *cmd) {
  struct passwd *pwd = NULL;
  const char *name = cmd->argv[0];

  if (af_setpwent() < 0)
    return PR_DECLINED(cmd);

  /* Ugly -- we iterate through the file.  Time-consuming. */
  while ((pwd = af_getpwent()) != NULL) {
    if (strcmp(name, pwd->pw_name) == 0) {

      /* Found the requested name */
      break;
    }
  }

  return pwd ? mod_create_data(cmd, pwd) : PR_DECLINED(cmd);
}
Beispiel #25
0
MODRET authfile_chkpass(cmd_rec *cmd) {
  const char *ciphertxt_pass = cmd->argv[0];
  const char *cleartxt_pass = cmd->argv[2];
  char *crypted_pass = NULL;

  if (!ciphertxt_pass) {
    pr_log_debug(DEBUG2, MOD_AUTH_FILE_VERSION
      ": missing ciphertext password for comparison");
    return PR_DECLINED(cmd);
  }

  if (!cleartxt_pass) {
    pr_log_debug(DEBUG2, MOD_AUTH_FILE_VERSION
      ": missing client-provided password for comparison");
    return PR_DECLINED(cmd);
  }

  /* Even though the AuthUserFile is not used here, there must be one
   * configured before this function should attempt to check the password.
   * Otherwise, it could be checking a password retrieved by some other
   * auth module.
   */
  if (!af_user_file)
    return PR_DECLINED(cmd);

  crypted_pass = crypt(cleartxt_pass, ciphertxt_pass);
  if (handle_empty_salt == TRUE &&
      strlen(ciphertxt_pass) == 0) {
    crypted_pass = "";
  }

  if (crypted_pass == NULL) {
    pr_log_debug(DEBUG0, MOD_AUTH_FILE_VERSION
      ": error using crypt(3): %s", strerror(errno));
    return PR_DECLINED(cmd);
  }

  if (strcmp(crypted_pass, ciphertxt_pass) == 0) {
    session.auth_mech = "mod_auth_file.c";
    return PR_HANDLED(cmd);
  }  

  return PR_DECLINED(cmd);
}
Beispiel #26
0
MODRET pw_setpwent(cmd_rec *cmd) {
  if (unix_persistent_passwd) {
    p_setpwent();

  } else {
    setpwent();
  }

  return PR_DECLINED(cmd);
}
Beispiel #27
0
MODRET pw_endgrent(cmd_rec *cmd) {
  if (unix_persistent_passwd) {
    p_endgrent();

  } else {
    endgrent();
  }

  return PR_DECLINED(cmd);
}
Beispiel #28
0
MODRET pw_getpwent(cmd_rec *cmd) {
  struct passwd *pw;

  if (persistent_passwd)
    pw = p_getpwent();

  else
    pw = getpwent();

  return pw ? mod_create_data(cmd, pw) : PR_DECLINED(cmd);
}
Beispiel #29
0
MODRET pw_getgrent(cmd_rec *cmd) {
  struct group *gr;

  if (persistent_passwd)
    gr = p_getgrent();

  else
    gr = getgrent();

  return gr ? mod_create_data(cmd, gr) : PR_DECLINED(cmd);
}
Beispiel #30
0
MODRET handle_getpwnam(cmd_rec *cmd) {
    const char *name;

    name = cmd->argv[0];
    getpwnam_count++;

    if (strcmp(name, PR_TEST_AUTH_NAME) != 0) {
        return PR_DECLINED(cmd);
    }

    return mod_create_data(cmd, &test_pwd);
}