MODRET limit_login_post_pass(cmd_rec *cmd) { /* * PASSを通過すると cmd->server->conf にユーザー名が入る様子 * get_param_ptr()で取れる */ char *user = get_param_ptr(cmd->server->conf, "UserName", FALSE); if(!user) { pr_log_auth(PR_LOG_NOTICE, "User unknown. Something Wrong"); pr_response_send(R_530, _("Login incorrect.")); end_login(0); } int dummy; if(session.dir_config && session.dir_config->subset && !login_check_limits(session.dir_config->subset, FALSE, TRUE ,&dummy)) { remove_config(cmd->server->conf, C_USER, FALSE); remove_config(cmd->server->conf, C_PASS, FALSE); pr_log_auth(PR_LOG_NOTICE, "%s: Limit access denies login.", user); pr_response_send(R_530, _("Login Denied.")); end_login(0); } pr_log_debug(DEBUG5, "%s: ok login_check_limits() post PASS", user); return PR_DECLINED(cmd); }
END_TEST START_TEST (config_add_config_set_test) { int flags = PR_CONFIG_FL_INSERT_HEAD, res; xaset_t *set = NULL; const char *name = NULL; config_rec *c = NULL; res = remove_config(NULL, NULL, FALSE); fail_unless(res == 0, "Failed to handle null arguments: %s", strerror(errno)); name = "foo"; c = add_config_set(NULL, name); fail_unless(c == NULL, "Failed to handle null set argument"); fail_unless(errno == EINVAL, "Failed to set errno to EINVAL, got %d (%s)", errno, strerror(errno)); c = add_config_set(&set, name); fail_unless(c != NULL, "Failed to add config '%s' to set: %s", name, strerror(errno)); fail_unless(c->config_type == 0, "Expected config_type 0, got %d", c->config_type); res = remove_config(set, name, FALSE); fail_unless(res > 0, "Failed to remove config '%s': %s", name, strerror(errno)); name = "bar"; res = remove_config(set, name, FALSE); fail_unless(res == 0, "Removed config '%s' unexpectedly", name, strerror(errno)); c = pr_config_add_set(&set, name, flags); fail_unless(c != NULL, "Failed to add config '%s' to set: %s", name, strerror(errno)); /* XXX Note that calling this with recurse=TRUE yields a test timeout, * suggestive of an infinite loop that needs to be tracked down and * fixed. * * I suspect it's in find_config_next2() bit of code near the comment: * * Restart the search at the previous level if required * * Given the "shallowness" of this particular set. */ res = remove_config(set, name, FALSE); fail_unless(res > 0, "Failed to remove config '%s': %s", name, strerror(errno)); }
END_TEST START_TEST (config_add_config_test) { int res; const char *name = NULL; config_rec *c = NULL; server_rec *s = NULL; s = pr_parser_server_ctxt_open("127.0.0.1"); fail_unless(s != NULL, "Failed to open server context: %s", strerror(errno)); name = "foo"; mark_point(); c = add_config(NULL, name); fail_unless(c != NULL, "Failed to add config '%s': %s", name, strerror(errno)); fail_unless(c->config_type == 0, "Expected config_type 0, got %d", c->config_type); mark_point(); pr_config_dump(NULL, s->conf, NULL); c = add_config_param_set(&(c->subset), "bar", 1, "baz"); mark_point(); pr_config_dump(NULL, s->conf, NULL); mark_point(); res = remove_config(s->conf, name, FALSE); fail_unless(res > 0, "Failed to remove config '%s': %s", name, strerror(errno)); }
END_TEST START_TEST (config_add_server_config_param_str_test) { const char *name; config_rec *c; server_rec *s; mark_point(); c = pr_conf_add_server_config_param_str(NULL, NULL, 0); fail_unless(c == NULL, "Failed to handle null arguments"); fail_unless(errno == EINVAL, "Expected EINVAL (%d), got %s (%d)", EINVAL, strerror(errno)); mark_point(); s = pr_parser_server_ctxt_open("127.0.0.2"); fail_unless(s != NULL, "Failed to open server context: %s", strerror(errno)); mark_point(); name = "foo"; c = pr_conf_add_server_config_param_str(s, name, 1, "bar"); fail_unless(c != NULL, "Failed to add config '%s': %s", name, strerror(errno)); (void) remove_config(s->conf, name, FALSE); }
MODRET pw_getpwnam(cmd_rec *cmd) { struct passwd *pw; const char *name; name = cmd->argv[0]; if (persistent_passwd) { pw = p_getpwnam(name); } else { pw = getpwnam(name); } if (auth_unix_opts & AUTH_UNIX_OPT_MAGIC_TOKEN_CHROOT) { char *home_dir, *ptr; /* Here is where we do the "magic token" chroot monstrosity inflicted * on the world by wu-ftpd. * * If the magic token '/./' appears in the user's home directory, the * directory portion before the token is the directory to use for * the chroot; the directory portion after the token is the directory * to use for the initial chdir. */ home_dir = pstrdup(cmd->tmp_pool, pw->pw_dir); /* We iterate through the home directory string since it is possible * for the '.' character to appear without it being part of the magic * token. */ ptr = strchr(home_dir, '.'); while (ptr != NULL) { pr_signals_handle(); /* If we're at the start of the home directory string, stop looking: * this home directory is not really valid anyway. */ if (ptr == home_dir) { break; } /* Back up one character. */ ptr--; /* If we're at the start of the home directory now, stop looking: * this home directory cannot contain a valid magic token. I.e. * * /./home/foo * * cannot be valid, as there is no directory portion before the * token. */ if (ptr == home_dir) { break; } if (strncmp(ptr, "/./", 3) == 0) { char *default_chdir; config_rec *c; *ptr = '\0'; default_chdir = pstrdup(cmd->tmp_pool, ptr + 2); /* In order to make sure that this user is chrooted to this * directory, we remove all DefaultRoot directives and add a new * one. Same for the DefaultChdir directive. */ (void) remove_config(main_server->conf, "DefaultRoot", FALSE); c = add_config_param_set(&main_server->conf, "DefaultRoot", 1, NULL); c->argv[0] = pstrdup(c->pool, home_dir); (void) remove_config(main_server->conf, "DefaultChdir", FALSE); c = add_config_param_set(&main_server->conf, "DefaultChdir", 1, NULL); c->argv[0] = pstrdup(c->pool, default_chdir); pr_log_debug(DEBUG9, "AuthUnixOption magicTokenChroot: " "found magic token in '%s', using 'DefaultRoot %s' and " "'DefaultChdir %s'", pw->pw_dir, home_dir, default_chdir); /* We need to use a long-lived memory pool for overwriting the * normal home directory. */ pw->pw_dir = pstrdup(session.pool, home_dir); break; } ptr = strchr(ptr + 2, '.'); } } return pw ? mod_create_data(cmd, pw) : PR_DECLINED(cmd); }
END_TEST START_TEST (get_param_ptr_test) { void *res; int count; xaset_t *set = NULL; config_rec *c; const char *name = NULL; res = get_param_ptr(NULL, NULL, FALSE); fail_unless(res == NULL, "Failed to handle null arguments"); fail_unless(errno == ENOENT, "Failed to set errno to ENOENT, got %d (%s)", errno, strerror(errno)); mark_point(); name = "foo"; c = add_config_param_set(&set, name, 1, "bar"); fail_unless(c != NULL, "Failed to add config '%s': %s", name, strerror(errno)); name = "bar"; res = get_param_ptr(set, name, FALSE); fail_unless(res == NULL, "Failed to handle null arguments"); fail_unless(errno == ENOENT, "Failed to set errno to ENOENT, got %d (%s)", errno, strerror(errno)); mark_point(); /* We expect to find "foo", but a 'next' should be empty. Note that we * need to reset the get_param_ptr tree. */ get_param_ptr(NULL, NULL, FALSE); name = "foo"; res = get_param_ptr(set, name, FALSE); fail_unless(res != NULL, "Failed to find config '%s': %s", name, strerror(errno)); mark_point(); res = get_param_ptr_next(name, FALSE); fail_unless(res == NULL, "Found next config unexpectedly"); fail_unless(errno == ENOENT, "Failed to set errno to ENOENT, got %d (%s)", errno, strerror(errno)); /* Now add another config, find "foo" again; this time, a 'next' should * NOT be empty; it should find the 2nd config we added. */ name = "foo2"; c = add_config_param_set(&set, name, 1, "baz"); fail_unless(c != NULL, "Failed to add config '%s': %s", name, strerror(errno)); get_param_ptr(NULL, NULL, FALSE); name = NULL; res = get_param_ptr(set, name, FALSE); fail_unless(res != NULL, "Failed to find any config: %s", strerror(errno)); mark_point(); res = get_param_ptr_next(name, FALSE); fail_unless(res != NULL, "Expected to find another config"); mark_point(); name = "foo"; count = remove_config(set, name, FALSE); fail_unless(count > 0, "Failed to remove config '%s': %s", name, strerror(errno)); mark_point(); res = get_param_ptr(set, name, FALSE); fail_unless(res == NULL, "Found config '%s' unexpectedly", name); fail_unless(errno == ENOENT, "Failed to set errno to ENOENT, got %d (%s)", errno, strerror(errno)); }
END_TEST START_TEST (find_config2_test) { int res; config_rec *c; xaset_t *set = NULL; const char *name; unsigned long flags = 0; c = find_config2(NULL, -1, NULL, FALSE, flags); fail_unless(c == NULL, "Failed to handle null arguments"); fail_unless(errno == EINVAL, "Failed to set errno to EINVAL, got %d (%s)", errno, strerror(errno)); mark_point(); name = "foo"; c = add_config_param_set(&set, name, 0); fail_unless(c != NULL, "Failed to add config '%s': %s", name, strerror(errno)); name = "bar"; c = find_config2(set, -1, name, FALSE, flags); fail_unless(c == NULL, "Failed to handle null arguments"); fail_unless(errno == ENOENT, "Failed to set errno to ENOENT, got %d (%s)", errno, strerror(errno)); mark_point(); /* We expect to find "foo", but a 'next' should be empty. */ name = "foo"; c = find_config2(set, -1, name, FALSE, flags); fail_unless(c != NULL, "Failed to find config '%s': %s", name, strerror(errno)); mark_point(); c = find_config_next2(c, c->next, -1, name, FALSE, flags); fail_unless(c == NULL, "Found next config unexpectedly"); fail_unless(errno == ENOENT, "Failed to set errno to ENOENT, got %d (%s)", errno, strerror(errno)); /* Now add another config, find "foo" again; this time, a 'next' should * NOT be empty; it should find the 2nd config we added. */ name = "foo2"; c = add_config_param_set(&set, name, 0); fail_unless(c != NULL, "Failed to add config '%s': %s", name, strerror(errno)); name = NULL; c = find_config2(set, -1, name, FALSE, flags); fail_unless(c != NULL, "Failed to find any config: %s", strerror(errno)); mark_point(); c = find_config_next2(c, c->next, -1, name, FALSE, flags); fail_unless(c != NULL, "Expected to find another config"); mark_point(); name = "foo"; res = remove_config(set, name, FALSE); fail_unless(res > 0, "Failed to remove config '%s': %s", name, strerror(errno)); mark_point(); c = find_config2(set, -1, name, FALSE, flags); fail_unless(c == NULL, "Found config '%s' unexpectedly", name); fail_unless(errno == ENOENT, "Failed to set errno to ENOENT, got %d (%s)", errno, strerror(errno)); }