END_TEST
START_TEST (filter_allow_path_test) {
int res;
config_rec *c;
pr_regex_t *allow_pre, *deny_pre;
xaset_t *set = NULL;
const char *path = NULL;
res = pr_filter_allow_path(NULL, NULL);
fail_unless(res < 0, "Failed to handle null arguments");
fail_unless(errno == EINVAL, "Failed to set errno to EINVAL");
mark_point();
c = add_config_param_set(&set, "test", 1, "test");
fail_if(c == NULL, "Failed to add config param: %s", strerror(errno));
path = "/foo/bar";
res = pr_filter_allow_path(set, path);
fail_unless(res == 0, "Failed to allow path '%s' with no configured filters",
path);
/* First, let's add a PathDenyFilter. */
deny_pre = pr_regexp_alloc(NULL);
res = pr_regexp_compile(deny_pre, "/bar$", 0);
fail_unless(res == 0, "Error compiling deny filter");
c = add_config_param_set(&set, "PathDenyFilter", 1, deny_pre);
fail_if(c == NULL, "Failed to add config param: %s", strerror(errno));
mark_point();
res = pr_filter_allow_path(set, path);
fail_unless(res == PR_FILTER_ERR_FAILS_DENY_FILTER,
"Failed to reject path '%s' with matching PathDenyFilter", path);
mark_point();
path = "/foo/baz";
res = pr_filter_allow_path(set, path);
fail_unless(res == 0,
"Failed to allow path '%s' with non-matching PathDenyFilter", path);
/* Now, let's add a PathAllowFilter. */
allow_pre = pr_regexp_alloc(NULL);
res = pr_regexp_compile(allow_pre, "/baz$", 0);
fail_unless(res == 0, "Error compiling allow filter");
c = add_config_param_set(&set, "PathAllowFilter", 1, allow_pre);
fail_if(c == NULL, "Failed to add config param: %s", strerror(errno));
mark_point();
path = "/foo/quxx";
res = pr_filter_allow_path(set, path);
fail_unless(res == PR_FILTER_ERR_FAILS_ALLOW_FILTER,
"Failed to allow path '%s' with matching PathAllowFilter", path);
}
MODRET copy_cpfr(cmd_rec *cmd) {
register unsigned int i;
int res;
char *path = "";
unsigned char *authenticated = NULL;
if (copy_engine == FALSE) {
return PR_DECLINED(cmd);
}
if (cmd->argc < 3 ||
strncasecmp(cmd->argv[1], "CPFR", 5) != 0) {
return PR_DECLINED(cmd);
}
authenticated = get_param_ptr(cmd->server->conf, "authenticated", FALSE);
if (authenticated == NULL ||
*authenticated == FALSE) {
pr_response_add_err(R_530, _("Please login with USER and PASS"));
pr_cmd_set_errno(cmd, EPERM);
errno = EPERM;
return PR_ERROR(cmd);
}
CHECK_CMD_MIN_ARGS(cmd, 3);
/* Construct the target file name by concatenating all the parameters after
* the "SITE CPFR", separating them with spaces.
*/
for (i = 2; i <= cmd->argc-1; i++) {
char *decoded_path;
decoded_path = pr_fs_decode_path2(cmd->tmp_pool, cmd->argv[i],
FSIO_DECODE_FL_TELL_ERRORS);
if (decoded_path == NULL) {
int xerrno = errno;
pr_log_debug(DEBUG8, "'%s' failed to decode properly: %s",
(char *) cmd->argv[i], strerror(xerrno));
pr_response_add_err(R_550,
_("%s: Illegal character sequence in filename"), cmd->arg);
pr_cmd_set_errno(cmd, xerrno);
errno = xerrno;
return PR_ERROR(cmd);
}
path = pstrcat(cmd->tmp_pool, path, *path ? " " : "", decoded_path, NULL);
}
res = pr_filter_allow_path(CURRENT_CONF, path);
switch (res) {
case 0:
break;
case PR_FILTER_ERR_FAILS_ALLOW_FILTER:
pr_log_debug(DEBUG2, MOD_COPY_VERSION
": 'CPFR %s' denied by PathAllowFilter", path);
pr_response_add_err(R_550, _("%s: Forbidden filename"), path);
pr_cmd_set_errno(cmd, EPERM);
errno = EPERM;
return PR_ERROR(cmd);
case PR_FILTER_ERR_FAILS_DENY_FILTER:
pr_log_debug(DEBUG2, MOD_COPY_VERSION
": 'CPFR %s' denied by PathDenyFilter", path);
pr_response_add_err(R_550, _("%s: Forbidden filename"), path);
pr_cmd_set_errno(cmd, EPERM);
errno = EPERM;
return PR_ERROR(cmd);
}
/* Allow renaming a symlink, even a dangling one. */
path = dir_canonical_vpath(cmd->tmp_pool, path);
if (!path ||
!dir_check_canon(cmd->tmp_pool, cmd, cmd->group, path, NULL) ||
!exists2(cmd->tmp_pool, path)) {
int xerrno = errno;
pr_response_add_err(R_550, "%s: %s", path, strerror(xerrno));
pr_cmd_set_errno(cmd, xerrno);
errno = xerrno;
return PR_ERROR(cmd);
}
if (pr_table_add(session.notes, "mod_copy.cpfr-path",
pstrdup(session.pool, path), 0) < 0) {
pr_trace_msg(trace_channel, 4,
"error adding 'mod_copy.cpfr-path' note: %s", strerror(errno));
}
pr_response_add(R_350,
_("File or directory exists, ready for destination name"));
return PR_HANDLED(cmd);
}
static int copy_paths(pool *p, const char *from, const char *to) {
struct stat st;
int res;
xaset_t *set;
set = get_dir_ctxt(p, (char *) to);
res = pr_filter_allow_path(set, to);
switch (res) {
case 0:
break;
case PR_FILTER_ERR_FAILS_ALLOW_FILTER:
pr_log_debug(DEBUG7, MOD_COPY_VERSION
": path '%s' denied by PathAllowFilter", to);
errno = EPERM;
return -1;
case PR_FILTER_ERR_FAILS_DENY_FILTER:
pr_log_debug(DEBUG7, MOD_COPY_VERSION
": path '%s' denied by PathDenyFilter", to);
errno = EPERM;
return -1;
}
/* Check whether from is a file, a directory, a symlink, or something
* unsupported.
*/
res = pr_fsio_lstat(from, &st);
if (res < 0) {
int xerrno = errno;
pr_log_debug(DEBUG7, MOD_COPY_VERSION ": error checking '%s': %s", from,
strerror(xerrno));
errno = xerrno;
return -1;
}
if (S_ISREG(st.st_mode)) {
char *abs_path;
pr_fs_clear_cache2(to);
res = pr_fsio_stat(to, &st);
if (res == 0) {
unsigned char *allow_overwrite;
allow_overwrite = get_param_ptr(CURRENT_CONF, "AllowOverwrite", FALSE);
if (allow_overwrite == NULL ||
*allow_overwrite == FALSE) {
pr_log_debug(DEBUG6,
MOD_COPY_VERSION ": AllowOverwrite permission denied for '%s'", to);
errno = EACCES;
return -1;
}
}
res = pr_fs_copy_file(from, to);
if (res < 0) {
int xerrno = errno;
pr_log_debug(DEBUG7, MOD_COPY_VERSION
": error copying file '%s' to '%s': %s", from, to, strerror(xerrno));
errno = xerrno;
return -1;
}
pr_fs_clear_cache2(to);
if (pr_fsio_stat(to, &st) < 0) {
pr_trace_msg(trace_channel, 3,
"error stat'ing '%s': %s", to, strerror(errno));
}
/* Write a TransferLog entry as well. */
abs_path = dir_abs_path(p, to, TRUE);
if (session.sf_flags & SF_ANON) {
xferlog_write(0, session.c->remote_name, st.st_size, abs_path,
(session.sf_flags & SF_ASCII ? 'a' : 'b'), 'd', 'a',
session.anon_user, 'c', "_");
} else {
xferlog_write(0, session.c->remote_name, st.st_size, abs_path,
(session.sf_flags & SF_ASCII ? 'a' : 'b'), 'd', 'r',
session.user, 'c', "_");
}
} else if (S_ISDIR(st.st_mode)) {
res = create_path(p, to);
if (res < 0) {
int xerrno = errno;
pr_log_debug(DEBUG7, MOD_COPY_VERSION
": error creating path '%s': %s", to, strerror(xerrno));
errno = xerrno;
return -1;
}
res = copy_dir(p, from, to);
if (res < 0) {
int xerrno = errno;
pr_log_debug(DEBUG7, MOD_COPY_VERSION
": error copying directory '%s' to '%s': %s", from, to,
strerror(xerrno));
errno = xerrno;
return -1;
}
} else if (S_ISLNK(st.st_mode)) {
pr_fs_clear_cache2(to);
res = pr_fsio_stat(to, &st);
if (res == 0) {
unsigned char *allow_overwrite;
allow_overwrite = get_param_ptr(CURRENT_CONF, "AllowOverwrite", FALSE);
if (allow_overwrite == NULL ||
*allow_overwrite == FALSE) {
pr_log_debug(DEBUG6, MOD_COPY_VERSION
": AllowOverwrite permission denied for '%s'", to);
errno = EACCES;
return -1;
}
}
res = copy_symlink(p, from, to);
if (res < 0) {
int xerrno = errno;
pr_log_debug(DEBUG7, MOD_COPY_VERSION
": error copying symlink '%s' to '%s': %s", from, to, strerror(xerrno));
errno = xerrno;
return -1;
}
} else {
pr_log_debug(DEBUG7, MOD_COPY_VERSION
": unsupported file type for '%s'", from);
errno = EINVAL;
return -1;
}
return 0;
}
