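/*
 * Open a connection to the PostgreSQL server described by the file-level
 * settings server, port, db, user and pw.
 *
 * Returns 0 on success with the live connection stored in *id_sql_server.
 * Returns -1 on failure; *id_sql_server is then either NULL or a handle in
 * the CONNECTION_BAD state, which the caller still has to release with
 * PQfinish().
 */
static int pw_pgsql_connect(PGconn ** const id_sql_server)
{
    char *conninfo = NULL;
    size_t sizeof_conninfo;
    char *escaped_server = NULL;
    char *escaped_db = NULL;
    char *escaped_user = NULL;
    char *escaped_pw = NULL;
    int ret = -1;

    *id_sql_server = NULL;

    /*
     * NOTE(review): every value ends up between single quotes in the conninfo
     * string. Confirm that pw_pgsql_escape_string() escapes ' and \ the way
     * the libpq conninfo parser expects, not only the way SQL literals do.
     */
    if ((escaped_server = pw_pgsql_escape_string(server)) == NULL ||
        (escaped_db = pw_pgsql_escape_string(db)) == NULL ||
        (escaped_user = pw_pgsql_escape_string(user)) == NULL ||
        (escaped_pw = pw_pgsql_escape_string(pw)) == NULL) {
        goto bye;
    }

    /*
     * The listing showed user and password as '******' (masked), yet five
     * values are passed to snprintf(); the two %s conversions are restored so
     * that the user and password actually reach the connection string.
     */
#define PGSQL_CONNECT_FMTSTRING \
"host='%s' port='%d' dbname='%s' user='%s' password='%s'"

    /* 5 = room reserved for the decimal port; sizeof covers the NUL. */
    sizeof_conninfo = sizeof PGSQL_CONNECT_FMTSTRING +
        strlen(escaped_server) + (size_t) 5U + strlen(escaped_db) +
        strlen(escaped_user) + strlen(escaped_pw);
    if ((conninfo = malloc(sizeof_conninfo)) == NULL) {
        goto bye;
    }
    /*
     * Format the escaped copies: the buffer was sized from them, and the raw
     * values could otherwise close a quote and append connection keywords.
     * SNCHECK is presumably true on error or truncation -- TODO confirm.
     */
    if (SNCHECK(snprintf(conninfo, sizeof_conninfo,
                         PGSQL_CONNECT_FMTSTRING,
                         escaped_server, port, escaped_db,
                         escaped_user, escaped_pw), sizeof_conninfo)) {
        goto bye;
    }
    if ((*id_sql_server = PQconnectdb(conninfo)) == NULL ||
        PQstatus(*id_sql_server) == CONNECTION_BAD) {
        /* conninfo is released once, at bye; freeing it here as well was a
         * double free. */
        if (server_down == 0) {
            /* Log the outage only on the first failed attempt. */
            server_down++;
            logfile(LOG_ERR, MSG_SQL_DOWN);
        }
        goto bye;
    }
    server_down = 0;
    ret = 0;

    bye:
    /* NOTE(review): conninfo and escaped_pw hold the database password in
     * cleartext and are freed without being wiped. */
    free(conninfo);
    free(escaped_server);
    free(escaped_db);
    free(escaped_user);
    free(escaped_pw);

    return ret;
}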
Beispiel #2
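/*
 * Authenticate an account against the PostgreSQL backend and fill *result.
 *
 * result   - receives auth_ok, uid, gid, dir and, depending on build options,
 *            quota, ratio and bandwidth settings.
 * account  - login name; rejected unless pw_pgsql_validate_name() accepts it.
 * password - password supplied by the client.
 * sa       - address whose numeric host and port are passed to the queries.
 * peer     - address whose numeric host, and decimal IPv4 form, are passed to
 *            the queries.
 *
 * result->auth_ok is 0 until the password, uid, gid and directory have all
 * been fetched, -1 from then on, and 1 once the password matched and a
 * non-root uid/gid was resolved. On success ownership of the directory
 * string moves to result->dir.
 */
void pw_pgsql_check(AuthResult * const result,
                    const char *account, const char *password,
                    const struct sockaddr_storage * const sa,
                    const struct sockaddr_storage * const peer)
{
    PGconn *id_sql_server = NULL;
    const char *spwd = NULL;           /* stored password */
    const char *uid = sql_default_uid; /* stored system login/uid */
    const char *gid = sql_default_gid; /* stored system group/gid */
    const char *dir = NULL;            /* stored home directory */
#ifdef QUOTAS
    const char *sqta_fs = NULL;        /* stored quota files */
    const char *sqta_sz = NULL;        /* stored quota size */
#endif
#ifdef RATIOS
    const char *ratio_ul = NULL;       /* stored ratio UL */
    const char *ratio_dl = NULL;       /* stored ratio DL */
#endif
#ifdef THROTTLING
    const char *bandwidth_ul = NULL;   /* stored bandwidth UL */
    const char *bandwidth_dl = NULL;   /* stored bandwidth DL */
#endif
    char *escaped_account = NULL;
    char *escaped_ip = NULL;
    char *escaped_port = NULL;
    char *escaped_peer_ip = NULL;
    char *escaped_decimal_ip = NULL;
    char *scrambled_password = NULL;   /* never assigned in this function */
    int committed = 1;                 /* 0 while a transaction is open */
    int crypto_crypt = 0, crypto_plain = 0, crypto_md5 = 0, crypto_md5sha1 = 0; /* TRICK */
    unsigned long decimal_ip_num = 0UL;
    char decimal_ip[42];
    char hbuf[NI_MAXHOST];
    char pbuf[NI_MAXSERV];
    char phbuf[NI_MAXHOST];

    result->auth_ok = 0;
    /* Reject the name before it gets anywhere near a query. */
    if (pw_pgsql_validate_name(account) != 0) {
        goto bye;
    }
    /* Numeric forms only: no reverse DNS lookup is performed. */
    if (getnameinfo((const struct sockaddr *) sa, STORAGE_LEN(*sa),
                    hbuf, sizeof hbuf, pbuf, sizeof pbuf,
                    NI_NUMERICHOST | NI_NUMERICSERV) != 0 ||
        getnameinfo((const struct sockaddr *) peer, STORAGE_LEN(*peer),
                    phbuf, sizeof phbuf, NULL, (size_t) 0U,
                    NI_NUMERICHOST) != 0) {
        goto bye;
    }
    *decimal_ip = 0;
    /*
     * NOTE(review): the listing had the guard
     * "if (STORAGE_FAMILY(*peer) == AF_INET)" commented out, so this also
     * runs for peers that are not IPv4 and then reads bytes that are not an
     * IPv4 address. Restore the guard if the macro is available.
     */
    {
        const unsigned char *decimal_ip_raw =
            (const unsigned char *) &(STORAGE_SIN_ADDR(*peer));

        /*
         * Widen each byte before shifting: shifting the promoted int left by
         * 24 overflows for a first byte >= 128 and, where long is 64 bits,
         * sign-extends into a wrong decimal value.
         */
        decimal_ip_num = ((unsigned long) decimal_ip_raw[0] << 24) |
            ((unsigned long) decimal_ip_raw[1] << 16) |
            ((unsigned long) decimal_ip_raw[2] << 8) |
            (unsigned long) decimal_ip_raw[3];
        if (SNCHECK(snprintf(decimal_ip, sizeof decimal_ip,
                             "%lu", decimal_ip_num), sizeof decimal_ip)) {
            goto bye;
        }
    }
    if (pw_pgsql_connect(&id_sql_server) != 0) {
        goto bye;
    }
    /* Every value substituted into the configured queries is escaped first. */
    if ((escaped_account =
         pw_pgsql_escape_string(account)) == NULL) {
        goto bye;
    }
    if ((escaped_ip =
         pw_pgsql_escape_string(hbuf)) == NULL) {
        goto bye;
    }
    if ((escaped_port =
         pw_pgsql_escape_string(pbuf)) == NULL) {
        goto bye;
    }
    if ((escaped_peer_ip =
         pw_pgsql_escape_string(phbuf)) == NULL) {
        goto bye;
    }
    if ((escaped_decimal_ip =
         pw_pgsql_escape_string(decimal_ip)) == NULL) {
        goto bye;
    }
    /* Remember an opened transaction so that bye can close it. */
    if (pw_pgsql_simplequery(id_sql_server, PGSQL_TRANSACTION_START) == 0) {
        committed = 0;
    }
    if ((spwd = pw_pgsql_getquery(id_sql_server, sqlreq_getpw,
                                  escaped_account, escaped_ip,
                                  escaped_port, escaped_peer_ip,
                                  escaped_decimal_ip)) == NULL) {
        goto bye;
    }
    /* uid and gid are only looked up when no default is configured. */
    if (uid == NULL) {
        uid = pw_pgsql_getquery(id_sql_server, sqlreq_getuid,
                                escaped_account, escaped_ip,
                                escaped_port, escaped_peer_ip,
                                escaped_decimal_ip);
    }
    if (uid == NULL) {
        goto bye;
    }
    if (gid == NULL) {
        gid = pw_pgsql_getquery(id_sql_server, sqlreq_getgid,
                                escaped_account, escaped_ip,
                                escaped_port, escaped_peer_ip,
                                escaped_decimal_ip);
    }
    if (gid == NULL) {
        goto bye;
    }
    if ((dir = pw_pgsql_getquery(id_sql_server, sqlreq_getdir,
                                 escaped_account, escaped_ip,
                                 escaped_port, escaped_peer_ip,
                                 escaped_decimal_ip)) == NULL) {
        goto bye;
    }
    result->auth_ok--;                  /* -1 */
    /* Select which password schemes may be tried for this configuration. */
    if (strcasecmp(crypto, PASSWD_SQL_ANY) == 0) {
        crypto_crypt++;
        crypto_md5++;
    } else if (strcasecmp(crypto, PASSWD_SQL_CRYPT) == 0) {
        crypto_crypt++;
    } else if (strcasecmp(crypto, PASSWD_SQL_MD5) == 0) {
        crypto_md5++;
    } else if (strcasecmp(crypto, PASSWD_SQL_MD5SHA1) == 0) {
        crypto_md5sha1++;               /* TRICK */
    } else {                            /* default to plaintext */
        crypto_plain++;
    }
    /*
     * NOTE(review): the comparisons below use strcmp(), which stops at the
     * first differing byte; a constant-time comparison would not reveal how
     * much of the stored value matched. Unsalted MD5 and cleartext storage
     * also give little protection if the table leaks.
     */
    if (crypto_crypt != 0) {
        register const char *crypted;

        /* The stored value doubles as the crypt() setting/salt. */
        if ((crypted = (const char *) crypt(password, spwd)) != NULL &&
            strcmp(crypted, spwd) == 0) {
            goto auth_ok;
        }
    }
    if (crypto_md5 != 0) {
        register const char *crypted;

        if ((crypted = (const char *) crypto_hash_md5(password, 1)) != NULL &&
            strcmp(crypted, spwd) == 0) {
            goto auth_ok;
        }
    }
    if (crypto_md5sha1 != 0) {          /* TRICK */
        register const char *crypted;

        /* The stored value is the MD5 of the SHA-1 of the password. */
        if ((crypted = (const char *) crypto_hash_sha1(password, 1)) != NULL) {
            if ((crypted = (const char *) crypto_hash_md5(crypted, 1)) != NULL &&
                strcmp(crypted, spwd) == 0) {
                goto auth_ok;
            }
        }
    }
    if (crypto_plain != 0) {
        if (*password != 0 &&    /* refuse null cleartext passwords */
            strcmp(password, spwd) == 0) {
            goto auth_ok;
        }
    }
    goto bye;

    auth_ok:
    /*
     * do *NOT* accept root uid/gid - if the database is compromised, the FTP
     * server could also be rooted.
     *
     * A value that parses to 0 (including a non-numeric one) is retried as a
     * login or group name, and the resolved id must again be non-zero.
     */
    result->uid = (uid_t) strtoul(uid, NULL, 10);
    if (result->uid <= (uid_t) 0) {
        struct passwd *pw;

        if ((pw = getpwnam(uid)) == NULL || pw->pw_uid <= (uid_t) 0) {
            goto bye;
        }
        result->uid = pw->pw_uid;
    }
    result->gid = (gid_t) strtoul(gid, NULL, 10);
    if (result->gid <= (gid_t) 0) {
        struct group *gr;

        if ((gr = getgrnam(gid)) == NULL || gr->gr_gid <= (gid_t) 0) {
            goto bye;
        }
        result->gid = gr->gr_gid;
    }
    /* Hand the directory string over to the caller; bye must not free it. */
    result->dir = dir;
    dir = NULL;
#ifdef QUOTAS
    /* Optional settings: a missing row or a value of 0 leaves *result as is. */
    if ((sqta_fs = pw_pgsql_getquery(id_sql_server, sqlreq_getqta_fs,
                                     escaped_account, escaped_ip,
                                     escaped_port, escaped_peer_ip,
                                     escaped_decimal_ip)) != NULL) {
        const unsigned long long q = strtoull(sqta_fs, NULL, 10);

        if (q > 0ULL) {
            result->user_quota_files = q;
            result->quota_files_changed = 1;
        }
    }
    if ((sqta_sz = pw_pgsql_getquery(id_sql_server, sqlreq_getqta_sz,
                                     escaped_account, escaped_ip,
                                     escaped_port, escaped_peer_ip,
                                     escaped_decimal_ip)) != NULL) {
        const unsigned long long q = strtoull(sqta_sz, NULL, 10);

        if (q > 0ULL) {
            /* The stored value is multiplied by 1024 * 1024. */
            result->user_quota_size = q * (1024UL * 1024UL);
            result->quota_size_changed = 1;
        }
    }
#endif
#ifdef RATIOS
    if ((ratio_ul = pw_pgsql_getquery(id_sql_server, sqlreq_getratio_ul,
                                      escaped_account, escaped_ip,
                                      escaped_port, escaped_peer_ip,
                                      escaped_decimal_ip)) != NULL) {
        const unsigned int q = (unsigned int) strtoul(ratio_ul, NULL, 10);

        if (q > 0U) {
            result->ratio_upload = q;
            result->ratio_ul_changed = 1;
        }
    }
    if ((ratio_dl = pw_pgsql_getquery(id_sql_server, sqlreq_getratio_dl,
                                      escaped_account, escaped_ip,
                                      escaped_port, escaped_peer_ip,
                                      escaped_decimal_ip)) != NULL) {
        const unsigned int q = (unsigned int) strtoul(ratio_dl, NULL, 10);

        if (q > 0U) {
            result->ratio_download = q;
            result->ratio_dl_changed = 1;
        }
    }
#endif
#ifdef THROTTLING
    if ((bandwidth_ul = pw_pgsql_getquery(id_sql_server, sqlreq_getbandwidth_ul,
                                          escaped_account, escaped_ip,
                                          escaped_port, escaped_peer_ip,
                                          escaped_decimal_ip)) != NULL) {
        const unsigned long q = (unsigned long) strtoul(bandwidth_ul, NULL, 10);

        if (q > 0UL) {
            /* The stored value is multiplied by 1024. */
            result->throttling_bandwidth_ul = q * 1024UL;
            result->throttling_ul_changed = 1;
        }
    }
    if ((bandwidth_dl = pw_pgsql_getquery(id_sql_server, sqlreq_getbandwidth_dl,
                                          escaped_account, escaped_ip,
                                          escaped_port, escaped_peer_ip,
                                          escaped_decimal_ip)) != NULL) {
        const unsigned long q = (unsigned long) strtoul(bandwidth_dl, NULL, 10);

        if (q > 0UL) {
            result->throttling_bandwidth_dl = q * 1024UL;
            result->throttling_dl_changed = 1;
        }
    }
#endif
    result->slow_tilde_expansion = 1;
    result->auth_ok = -result->auth_ok; /* -1 becomes 1 */
    bye:
    if (committed == 0) {
        (void) pw_pgsql_simplequery(id_sql_server, PGSQL_TRANSACTION_END);
    }
    /* Also releases a handle that pw_pgsql_connect() left in a bad state. */
    if (id_sql_server != NULL) {
        PQfinish(id_sql_server);
    }
    /* free(NULL) is a no-op, so the query results need no NULL guards. */
    free((void *) spwd);
    /*
     * uid and gid may still point at the configured defaults, which this
     * function does not own; freeing those would leave sql_default_uid and
     * sql_default_gid dangling. Only free what a query returned.
     */
    if (uid != sql_default_uid) {
        free((void *) uid);
    }
    if (gid != sql_default_gid) {
        free((void *) gid);
    }
    free((void *) dir);
    free(scrambled_password);
#ifdef QUOTAS
    free((void *) sqta_fs);
    free((void *) sqta_sz);
#endif
#ifdef RATIOS
    free((void *) ratio_ul);
    free((void *) ratio_dl);
#endif
#ifdef THROTTLING
    free((void *) bandwidth_ul);
    free((void *) bandwidth_dl);
#endif
    free(escaped_account);
    free(escaped_ip);
    free(escaped_port);
    free(escaped_peer_ip);
    free(escaped_decimal_ip);
}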
Beispiel #3
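/*
 * Open a connection to the PostgreSQL server, using connection settings that
 * this function writes into the file-level variables server, db, user and pw.
 *
 * Returns 0 on success with the live connection stored in *id_sql_server.
 * Returns -1 on failure; *id_sql_server is then either NULL or a handle in
 * the CONNECTION_BAD state, which the caller still has to release with
 * PQfinish().
 */
int pw_pgsql_connect(PGconn ** const id_sql_server)
{
    char *conninfo = NULL;
    size_t sizeof_conninfo;
    char *escaped_server = NULL;
    char *escaped_db = NULL;
    char *escaped_user = NULL;
    char *escaped_pw = NULL;
    int ret = -1;

    *id_sql_server = NULL;

    /*
     * NOTE(review): host, database, user and password are compiled in. They
     * should come from configuration readable only by the service account,
     * not from the source. The four buffers are also allocated again on
     * every call and the previous ones are never released.
     */
    server = malloc(16);
    db = malloc(16);
    user = malloc(16);
    pw = malloc(16);
    /* snprintf() into a NULL buffer is undefined: check before writing. */
    if (server == NULL || db == NULL || user == NULL || pw == NULL) {
        rprintf(FLOG,"ERR malloc(settings)\n");
        goto bye;
    }
    snprintf( server, 10,"localhost");
    snprintf( db, 9,"fastprod");
    snprintf( user, 9,"fastprod");
    snprintf( pw, 9,"fastprod");

    /*
     * NOTE(review): every value ends up between single quotes in the conninfo
     * string. Confirm that pw_pgsql_escape_string() escapes ' and \ the way
     * the libpq conninfo parser expects, not only the way SQL literals do.
     */
    if ((escaped_server = pw_pgsql_escape_string(server)) == NULL ||
        (escaped_db = pw_pgsql_escape_string(db)) == NULL ||
        (escaped_user = pw_pgsql_escape_string(user)) == NULL ||
        (escaped_pw = pw_pgsql_escape_string(pw)) == NULL) {
        rprintf(FLOG,"ERR escaping\n");
        goto bye;
    }

    /*
     * The listing showed user and password as '******' (masked), yet five
     * values are passed to snprintf(); the two %s conversions are restored so
     * that the user and password actually reach the connection string.
     */
#define PGSQL_CONNECT_FMTSTRING \
"host='%s' port='%d' dbname='%s' user='%s' password='%s'"

    /* 5 = room reserved for the decimal port; sizeof covers the NUL. */
    sizeof_conninfo = sizeof PGSQL_CONNECT_FMTSTRING +
        strlen(escaped_server) + (size_t) 5U + strlen(escaped_db) +
        strlen(escaped_user) + strlen(escaped_pw);
    if ((conninfo = malloc(sizeof_conninfo)) == NULL) {
        rprintf(FLOG,"ERR malloc(sizeof_conninfo)\n");
        goto bye;
    }
    /*
     * Format the escaped copies: the buffer was sized from them, and the raw
     * values could otherwise close a quote and append connection keywords.
     * SNCHECK is presumably true on error or truncation -- TODO confirm.
     */
    if (SNCHECK(snprintf(conninfo, sizeof_conninfo,
                         PGSQL_CONNECT_FMTSTRING,
                         escaped_server, port, escaped_db,
                         escaped_user, escaped_pw), sizeof_conninfo)) {
        rprintf(FLOG,"ERR SNCHECK()\n");
        goto bye;
    }
    /* conninfo contains the password: keep it out of the log. */
    if ((*id_sql_server = PQconnectdb(conninfo)) == NULL ||
        PQstatus(*id_sql_server) == CONNECTION_BAD) {
        /* conninfo is released once, at bye; freeing it here as well was a
         * double free. */
        if (server_down == 0) {
            server_down++;
        }
        rprintf(FLOG,"ERR PQconnectdb\n");
        goto bye;
    }
    server_down = 0;
    ret = 0;

    bye:
    free(conninfo);
    free(escaped_server);
    free(escaped_db);
    free(escaped_user);
    free(escaped_pw);

    return ret;
}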