Ejemplo n.º 1
0
int
main(int argc, char *argv[])
{
	char 	logname[12];

	if (argc != 4) return -1;
	sprintf(logname, "tester%d", atoi(argv[1]));
	mylog_open(logname);
	sleep(atoi(argv[2]));
	mylog_write("log test 1");
	sleep(atoi(argv[3]));
	mylog_write("Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! Too long! ");
	mylog_close();
	return 0;
}
Ejemplo n.º 2
0
int main(int ac, char **av, char **env)
{
	char *hostname;
	int is_command = 0;
	int is_sftp = 0;

	create_hash();
	if (ac == 3 && av[1] != NULL && av[2] != NULL && strcmp("-c", av[1]) == 0
			&& (strstr(av[2], "sftp-server") != NULL || strstr(av[2], "MySecureShell") != NULL))
		is_sftp = 1;
	else if (ac >= 3 && av[1] != NULL && av[2] != NULL && strcmp("-c", av[1]) == 0)
		is_command = 1;
	else
		parse_args(ac, av);
	hostname = get_ip(0);
	(void) setenv("SSH_IP", hostname, 1);
	free(hostname);
	FileSpecInit();
	load_config(0);
	if (is_sftp == 1)
	{
		tGlobal	*params;
		char	*ptr;
		int		max, fd, sftp_version;

		hostname = get_ip(hash_get_int("ResolveIP"));
		if (hostname == NULL)
		{
			perror("unable to resolve ip");
			exit(16);
		}
		params = calloc(1, sizeof(*params));
		if (params == NULL)
		{
			perror("unable to alloc memory");
			exit(15);
		}
		ptr = hash_get("Home");
		params->home = strdup(ptr == NULL ? "{error home}" : ptr);
		ptr = hash_get("User");
		params->user = strdup(ptr == NULL ? "{error user}" : ptr);
		params->ip = strdup(hostname == NULL ? "{error ip}" : hostname);
		params->portSource = get_port_client();

		params->who = SftpWhoGetStruct(1);
		if (params->who != NULL)
		{
			params->who->time_begin = (u_int32_t) time(0);
			params->who->pid = (u_int32_t) getpid();
			(void) strncat(params->who->home, params->home, sizeof(params->who->home) - 1);
			(void) strncat(params->who->user, params->user, sizeof(params->who->user) - 1);
			(void) strncat(params->who->ip, params->ip, sizeof(params->who->ip) - 1);
		}
		//check if the server is up and user is not admin
		if ((fd = open(SHUTDOWN_FILE, O_RDONLY)) >= 0)
		{
			xclose(fd);
			if (hash_get_int("IsAdmin") == 0 && hash_get_int("IsSimpleAdmin") == 0)
			{
				SftpWhoReleaseStruct(params->who);
				delete_hash();
				FileSpecDestroy();
				exit(0);
			}
		}
		max = hash_get_int("LogSyslog");
		if (hash_get("LogFile") != NULL)
			mylog_open(strdup(hash_get("LogFile")), max);
		else
			mylog_open(strdup(MSS_LOG), max);
		if (params->who == NULL)
		{
			mylog_printf(MYLOG_ERROR, "[%s]Server '%s' reached maximum connexion (%i clients)",
					hash_get("User"), hash_get("SERVER_IP"), SFTPWHO_MAXCLIENT);
			SftpWhoReleaseStruct(NULL);
			delete_hash();
			FileSpecDestroy();
			mylog_close_and_free();
			exit(14);
		}
		max = hash_get_int("LimitConnectionByUser");
		if (max > 0 && count_program_for_uid(hash_get("User")) > max)
		{
			mylog_printf(MYLOG_ERROR, "[%s]Too many connection for this account",
					hash_get("User"));
			SftpWhoReleaseStruct(params->who);
			delete_hash();
			FileSpecDestroy();
			exit(10);
		}
		max = hash_get_int("LimitConnectionByIP");
		if (max > 0 && count_program_for_ip(hostname) > max)
		{
			mylog_printf(MYLOG_ERROR, "[%s]Too many connection for this IP : %s",
					hash_get("User"), hostname);
			SftpWhoReleaseStruct(params->who);
			delete_hash();
			FileSpecDestroy();
			exit(11);
		}
		max = hash_get_int("LimitConnection");
		if (max > 0 && count_program_for_uid(NULL) > max)
		{
			mylog_printf(MYLOG_ERROR, "[%s]Too many connection for the server : %s",
					hash_get("User"), hash_get("SERVER_IP"));
			SftpWhoReleaseStruct(params->who);
			delete_hash();
			FileSpecDestroy();
			exit(12);
		}
		if (hash_get_int("DisableAccount"))
		{
			mylog_printf(MYLOG_ERROR, "[%s]Account is closed", hash_get("User"));
			SftpWhoReleaseStruct(params->who);
			delete_hash();
			FileSpecDestroy();
			exit(13);
		}

		params->flagsGlobals
				|= (hash_get_int("StayAtHome") ? SFTPWHO_STAY_AT_HOME : 0)
						+ (hash_get_int("VirtualChroot") ? SFTPWHO_VIRTUAL_CHROOT : 0)
						+ (hash_get_int("ResolveIP") ? SFTPWHO_RESOLVE_IP : 0)
						+ (hash_get_int("IgnoreHidden") ? SFTPWHO_IGNORE_HIDDEN : 0)
						+ (hash_get_int("DirFakeUser") ? SFTPWHO_FAKE_USER : 0)
						+ (hash_get_int("DirFakeGroup") ? SFTPWHO_FAKE_GROUP : 0)
						+ (hash_get_int("DirFakeMode") ? SFTPWHO_FAKE_MODE : 0)
						+ (hash_get_int("HideNoAccess") ? SFTPWHO_HIDE_NO_ACESS : 0)
						+ (hash_get_int("ByPassGlobalDownload") ? SFTPWHO_BYPASS_GLB_DWN : 0)
						+ (hash_get_int("ByPassGlobalUpload") ? SFTPWHO_BYPASS_GLB_UPL : 0)
						+ (hash_get_int("ShowLinksAsLinks") ? SFTPWHO_LINKS_AS_LINKS : 0)
						+ (hash_get_int("IsAdmin") ? SFTPWHO_IS_ADMIN : 0)
						+ (hash_get_int("IsSimpleAdmin") ? SFTPWHO_IS_SIMPLE_ADMIN : 0)
						+ (hash_get_int("CanChangeRights") ? SFTPWHO_CAN_CHG_RIGHTS : 0)
						+ (hash_get_int("CanChangeTime") ? SFTPWHO_CAN_CHG_TIME : 0)
						+ (hash_get_int("CreateHome") ? SFTPWHO_CREATE_HOME : 0);
		params->flagsDisable
				= (hash_get_int("DisableRemoveDir") ? SFTP_DISABLE_REMOVE_DIR : 0)
						+ (hash_get_int("DisableRemoveFile") ? SFTP_DISABLE_REMOVE_FILE : 0)
						+ (hash_get_int("DisableReadDir") ? SFTP_DISABLE_READ_DIR : 0)
						+ (hash_get_int("DisableReadFile") ? SFTP_DISABLE_READ_FILE : 0)
						+ (hash_get_int("DisableWriteFile") ? SFTP_DISABLE_WRITE_FILE : 0)
						+ (hash_get_int("DisableSetAttribute") ? SFTP_DISABLE_SET_ATTRIBUTE : 0)
						+ (hash_get_int("DisableMakeDir") ? SFTP_DISABLE_MAKE_DIR : 0)
						+ (hash_get_int("DisableRename") ? SFTP_DISABLE_RENAME : 0)
						+ (hash_get_int("DisableSymLink") ? SFTP_DISABLE_SYMLINK : 0)
						+ (hash_get_int("DisableOverwrite") ? SFTP_DISABLE_OVERWRITE : 0)
						+ (hash_get_int("DisableStatsFs") ? SFTP_DISABLE_STATSFS : 0);
		params->who->status |= params->flagsGlobals;
		_sftpglobal->download_max = (u_int32_t) hash_get_int("GlobalDownload");
		_sftpglobal->upload_max = (u_int32_t) hash_get_int("GlobalUpload");
		if (hash_get_int("Download") > 0)
		{
			params->download_max = (u_int32_t) hash_get_int("Download");
			params->who->download_max = params->download_max;
		}
		if (hash_get_int("Upload") > 0)
		{
			params->upload_max = (u_int32_t) hash_get_int("Upload");
			params->who->upload_max = params->upload_max;
		}
		if (hash_get_int("IdleTimeOut") > 0)
			params->who->time_maxidle = (u_int32_t) hash_get_int("IdleTimeOut");
		if (hash_get_int("DirFakeMode") > 0)
			params->dir_mode = (u_int32_t) hash_get_int("DirFakeMode");
		sftp_version = hash_get_int("SftpProtocol");
		if (hash_get_int("ConnectionMaxLife") > 0)
			params->who->time_maxlife = (u_int32_t) hash_get_int("ConnectionMaxLife");
		if (hash_get("ExpireDate") != NULL)
		{
			struct tm tm;
			time_t currentTime, maxTime;

			if (strptime((const char *) hash_get("ExpireDate"),
					"%Y-%m-%d %H:%M:%S", &tm) != NULL)
			{
				maxTime = mktime(&tm);
				currentTime = time(NULL);
				if (currentTime > maxTime) //time elapsed
				{
					mylog_printf(MYLOG_ERROR, "[%s]Account has expired : %s",
							hash_get("User"), hash_get("ExpireDate"));
					SftpWhoReleaseStruct(params->who);
					delete_hash();
					mylog_close_and_free();
					exit(15);
				}
				else
				{ //check if expireDate < time_maxlife
					currentTime = maxTime - currentTime;
					if ((u_int32_t) currentTime < params->who->time_maxlife)
						params->who->time_maxlife = (u_int32_t) currentTime;
				}
			} DEBUG((MYLOG_DEBUG, "[%s][%s]ExpireDate time to rest: %i",
							params->who->user, params->who->ip, params->who->time_maxlife));
		}

		if (hash_exists("MaxOpenFilesForUser") == MSS_TRUE)
			params->max_openfiles = hash_get_int("MaxOpenFilesForUser");
		if (hash_exists("MaxReadFilesForUser") == MSS_TRUE)
			params->max_readfiles = hash_get_int("MaxReadFilesForUser");
		if (hash_exists("MaxWriteFilesForUser") == MSS_TRUE)
			params->max_writefiles = hash_get_int("MaxWriteFilesForUser");

		if (hash_get_int("MinimumRightsDirectory") > 0)
			params->minimum_rights_directory = hash_get_int(
					"MinimumRightsDirectory");
		if (hash_get_int("MinimumRightsFile") > 0)
			params->minimum_rights_file = hash_get_int("MinimumRightsFile");
		if (hash_get_int("MaximumRightsDirectory") > 0)
			params->maximum_rights_directory = hash_get_int(
					"MaximumRightsDirectory");
		else
			params->maximum_rights_directory = 07777;
		if (hash_get_int("MaximumRightsFile") > 0)
			params->maximum_rights_file = hash_get_int("MaximumRightsFile");
		else
			params->maximum_rights_file = 07777;
		if (hash_get_int("DefaultRightsDirectory") > 0)
			params->default_rights_directory = hash_get_int("DefaultRightsDirectory");
		else
			params->default_rights_directory = 0755;
		if (hash_get_int("DefaultRightsFile") > 0)
			params->default_rights_file = hash_get_int("DefaultRightsFile");
		else
			params->default_rights_file = 0644;
		if (hash_get_int("ForceRightsDirectory") > 0)
		{
			params->minimum_rights_directory = hash_get_int("ForceRightsDirectory");
			params->maximum_rights_directory = params->minimum_rights_directory;
		}
		if (hash_get_int("ForceRightsFile") > 0)
		{
			params->minimum_rights_file = hash_get_int("ForceRightsFile");
			params->maximum_rights_file = params->minimum_rights_file;
		}

		if (hash_get("ForceUser") != NULL)
			params->force_user = strdup(hash_get("ForceUser"));
		if (hash_get("ForceGroup") != NULL)
			params->force_group = strdup(hash_get("ForceGroup"));

		if (hash_get("Charset") != NULL)
			setCharset(hash_get("Charset"));
		if (hash_get("ApplyFileSpec") != NULL)
			FileSpecActiveProfils(hash_get("ApplyFileSpec"), 0);
		delete_hash();
		if (hostname != NULL)
			free(hostname);
		params->current_user = getuid();
		params->current_group = getgid();
		return (SftpMain(params, sftp_version));
	}
	else
	{
		char *ptr;

		if (getuid() != geteuid())
		//if we are in utset byte mode then we restore user's rights to avoid security problems
		{
			if (seteuid(getuid()) == -1 || setegid(getgid()) == -1)
			{
				perror("revoke root rights");
				exit(1);
			}
		}
		ptr = hash_get("Shell");
		if (ptr != NULL)
		{
			if (strcmp(ptr, av[0]) != 0)
			{
				av[0] = ptr;
				if (is_command == 1)
				{
					size_t	len = 0;
					char	**new_env;
					char	*cmd, *envVar;
					int		i;

					for (i = 2; i < ac; i++)
						len += strlen(av[i]);
					cmd = malloc(len + ac + 1);
					envVar = malloc(len + ac + 1 + 21);
					cmd[0] = '\0';
					for (i = 2; i < ac; i++)
					{
						if (i > 2)
							strcat(cmd, " ");
						strcat(cmd, av[i]);
					}
					av[2] = cmd;
					av[3] = NULL;
					strcpy(envVar, "SSH_ORIGINAL_COMMAND=");
					strcat(envVar, cmd);
					len = 0;
					for (i = 0; env[i] != NULL; i++)
						len++;
					new_env = calloc(len + 2, sizeof(*new_env));
					for (i = 0; i < len; i++)
						new_env[i] = env[i];
					new_env[len] = envVar;
					(void) execve(av[0], av, new_env);
				}
				else
					(void) execve(av[0], av, env);
				perror("execute shell");
			}
			else
				(void) fprintf(stderr, "You cannot specify MySecureShell has shell (in the MySecureShell configuration) !");
		}
		else
			(void) fprintf(stderr, "Shell access is disabled !");
		exit(1);
	}
}
Ejemplo n.º 3
0
void mylog_printf(int level, const char *str, ...)
{
	va_list ap;
	char buffer[1024];
	size_t size;

	if (_log != NULL && _log->useSyslog == 1)
	{
		int logprio;

		switch (level)
		{
		case MYLOG_DEBUG: logprio = LOG_DEBUG; break;
		case MYLOG_WARNING: logprio = LOG_WARNING; break;
		case MYLOG_ERROR: logprio = LOG_ERR; break;
		case MYLOG_TRANSFERT: logprio = LOG_NOTICE; break;
		default: logprio = LOG_INFO; break;
		}
		va_start(ap, str);
		vsyslog(logprio, str, ap);
		va_end(ap);
	}
	if (_log != NULL && _log->file != NULL)
	{
		struct tm *tm;
		time_t t;
		char fmt[1024];

		if (_log->nextReopen == 1)
		{
			_log->nextReopen = 0;
			mylog_close();
			mylog_open(_log->file, _log->useSyslog);
		}
		t = time(NULL);
		if ((tm = localtime(&t)) == NULL)
		{
			if (snprintf(fmt, sizeof(buffer), "[Error with time] [%i]%s\n", _log->pid, str) > 0)
				goto forceShowLog;
			return;
		}
#ifndef HAVE_LOG_IN_COLOR
		if (snprintf(fmt, sizeof(buffer), "%i-%02i-%02i %02i:%02i:%02i [%i]%s\n",
				1900 + tm->tm_year, 1 + tm->tm_mon, tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec,
				_log->pid, str) > 0)
#else
		if (level < 0 || level >= MYLOG_MAX)
			level = MYLOG_ERROR;
		if (snprintf(fmt, sizeof(buffer), "%i-%02i-%02i %02i:%02i:%02i \33[%i:%i:%im[%i]%s\33[37:40:0m\n",
				1900 + tm->tm_year, 1 + tm->tm_mon, tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec,
				_log->color[level][0], _log->color[level][1], _log->color[level][2], _log->pid, str) > 0)
#endif
		{
forceShowLog:
			va_start(ap, str);
			if ((size = vsnprintf(buffer, sizeof(buffer), fmt, ap)) > 0)
				(void) write(_log->fd, buffer, size);
			va_end(ap);
		}
	}
}