MODRET limit_login_post_pass(cmd_rec *cmd) {
/*
* PASSを通過すると cmd->server->conf にユーザー名が入る様子
* get_param_ptr()で取れる
*/
char *user = get_param_ptr(cmd->server->conf, "UserName", FALSE);
if(!user) {
pr_log_auth(PR_LOG_NOTICE, "User unknown. Something Wrong");
pr_response_send(R_530, _("Login incorrect."));
end_login(0);
}
int dummy;
if(session.dir_config &&
session.dir_config->subset &&
!login_check_limits(session.dir_config->subset, FALSE, TRUE ,&dummy)) {
remove_config(cmd->server->conf, C_USER, FALSE);
remove_config(cmd->server->conf, C_PASS, FALSE);
pr_log_auth(PR_LOG_NOTICE, "%s: Limit access denies login.", user);
pr_response_send(R_530, _("Login Denied."));
end_login(0);
}
pr_log_debug(DEBUG5, "%s: ok login_check_limits() post PASS", user);
return PR_DECLINED(cmd);
}
END_TEST
START_TEST (config_add_config_set_test) {
int flags = PR_CONFIG_FL_INSERT_HEAD, res;
xaset_t *set = NULL;
const char *name = NULL;
config_rec *c = NULL;
res = remove_config(NULL, NULL, FALSE);
fail_unless(res == 0, "Failed to handle null arguments: %s", strerror(errno));
name = "foo";
c = add_config_set(NULL, name);
fail_unless(c == NULL, "Failed to handle null set argument");
fail_unless(errno == EINVAL, "Failed to set errno to EINVAL, got %d (%s)",
errno, strerror(errno));
c = add_config_set(&set, name);
fail_unless(c != NULL, "Failed to add config '%s' to set: %s", name,
strerror(errno));
fail_unless(c->config_type == 0, "Expected config_type 0, got %d",
c->config_type);
res = remove_config(set, name, FALSE);
fail_unless(res > 0, "Failed to remove config '%s': %s", name,
strerror(errno));
name = "bar";
res = remove_config(set, name, FALSE);
fail_unless(res == 0, "Removed config '%s' unexpectedly", name,
strerror(errno));
c = pr_config_add_set(&set, name, flags);
fail_unless(c != NULL, "Failed to add config '%s' to set: %s", name,
strerror(errno));
/* XXX Note that calling this with recurse=TRUE yields a test timeout,
* suggestive of an infinite loop that needs to be tracked down and
* fixed.
*
* I suspect it's in find_config_next2() bit of code near the comment:
*
* Restart the search at the previous level if required
*
* Given the "shallowness" of this particular set.
*/
res = remove_config(set, name, FALSE);
fail_unless(res > 0, "Failed to remove config '%s': %s", name,
strerror(errno));
}
END_TEST
START_TEST (config_add_config_test) {
int res;
const char *name = NULL;
config_rec *c = NULL;
server_rec *s = NULL;
s = pr_parser_server_ctxt_open("127.0.0.1");
fail_unless(s != NULL, "Failed to open server context: %s", strerror(errno));
name = "foo";
mark_point();
c = add_config(NULL, name);
fail_unless(c != NULL, "Failed to add config '%s': %s", name,
strerror(errno));
fail_unless(c->config_type == 0, "Expected config_type 0, got %d",
c->config_type);
mark_point();
pr_config_dump(NULL, s->conf, NULL);
c = add_config_param_set(&(c->subset), "bar", 1, "baz");
mark_point();
pr_config_dump(NULL, s->conf, NULL);
mark_point();
res = remove_config(s->conf, name, FALSE);
fail_unless(res > 0, "Failed to remove config '%s': %s", name,
strerror(errno));
}
END_TEST
START_TEST (config_add_server_config_param_str_test) {
const char *name;
config_rec *c;
server_rec *s;
mark_point();
c = pr_conf_add_server_config_param_str(NULL, NULL, 0);
fail_unless(c == NULL, "Failed to handle null arguments");
fail_unless(errno == EINVAL, "Expected EINVAL (%d), got %s (%d)", EINVAL,
strerror(errno));
mark_point();
s = pr_parser_server_ctxt_open("127.0.0.2");
fail_unless(s != NULL, "Failed to open server context: %s", strerror(errno));
mark_point();
name = "foo";
c = pr_conf_add_server_config_param_str(s, name, 1, "bar");
fail_unless(c != NULL, "Failed to add config '%s': %s", name,
strerror(errno));
(void) remove_config(s->conf, name, FALSE);
}
MODRET pw_getpwnam(cmd_rec *cmd) {
struct passwd *pw;
const char *name;
name = cmd->argv[0];
if (persistent_passwd) {
pw = p_getpwnam(name);
} else {
pw = getpwnam(name);
}
if (auth_unix_opts & AUTH_UNIX_OPT_MAGIC_TOKEN_CHROOT) {
char *home_dir, *ptr;
/* Here is where we do the "magic token" chroot monstrosity inflicted
* on the world by wu-ftpd.
*
* If the magic token '/./' appears in the user's home directory, the
* directory portion before the token is the directory to use for
* the chroot; the directory portion after the token is the directory
* to use for the initial chdir.
*/
home_dir = pstrdup(cmd->tmp_pool, pw->pw_dir);
/* We iterate through the home directory string since it is possible
* for the '.' character to appear without it being part of the magic
* token.
*/
ptr = strchr(home_dir, '.');
while (ptr != NULL) {
pr_signals_handle();
/* If we're at the start of the home directory string, stop looking:
* this home directory is not really valid anyway.
*/
if (ptr == home_dir) {
break;
}
/* Back up one character. */
ptr--;
/* If we're at the start of the home directory now, stop looking:
* this home directory cannot contain a valid magic token. I.e.
*
* /./home/foo
*
* cannot be valid, as there is no directory portion before the
* token.
*/
if (ptr == home_dir) {
break;
}
if (strncmp(ptr, "/./", 3) == 0) {
char *default_chdir;
config_rec *c;
*ptr = '\0';
default_chdir = pstrdup(cmd->tmp_pool, ptr + 2);
/* In order to make sure that this user is chrooted to this
* directory, we remove all DefaultRoot directives and add a new
* one. Same for the DefaultChdir directive.
*/
(void) remove_config(main_server->conf, "DefaultRoot", FALSE);
c = add_config_param_set(&main_server->conf, "DefaultRoot", 1, NULL);
c->argv[0] = pstrdup(c->pool, home_dir);
(void) remove_config(main_server->conf, "DefaultChdir", FALSE);
c = add_config_param_set(&main_server->conf, "DefaultChdir", 1, NULL);
c->argv[0] = pstrdup(c->pool, default_chdir);
pr_log_debug(DEBUG9, "AuthUnixOption magicTokenChroot: "
"found magic token in '%s', using 'DefaultRoot %s' and "
"'DefaultChdir %s'", pw->pw_dir, home_dir, default_chdir);
/* We need to use a long-lived memory pool for overwriting the
* normal home directory.
*/
pw->pw_dir = pstrdup(session.pool, home_dir);
break;
}
ptr = strchr(ptr + 2, '.');
}
}
return pw ? mod_create_data(cmd, pw) : PR_DECLINED(cmd);
}
END_TEST
START_TEST (get_param_ptr_test) {
void *res;
int count;
xaset_t *set = NULL;
config_rec *c;
const char *name = NULL;
res = get_param_ptr(NULL, NULL, FALSE);
fail_unless(res == NULL, "Failed to handle null arguments");
fail_unless(errno == ENOENT, "Failed to set errno to ENOENT, got %d (%s)",
errno, strerror(errno));
mark_point();
name = "foo";
c = add_config_param_set(&set, name, 1, "bar");
fail_unless(c != NULL, "Failed to add config '%s': %s", name,
strerror(errno));
name = "bar";
res = get_param_ptr(set, name, FALSE);
fail_unless(res == NULL, "Failed to handle null arguments");
fail_unless(errno == ENOENT, "Failed to set errno to ENOENT, got %d (%s)",
errno, strerror(errno));
mark_point();
/* We expect to find "foo", but a 'next' should be empty. Note that we
* need to reset the get_param_ptr tree.
*/
get_param_ptr(NULL, NULL, FALSE);
name = "foo";
res = get_param_ptr(set, name, FALSE);
fail_unless(res != NULL, "Failed to find config '%s': %s", name,
strerror(errno));
mark_point();
res = get_param_ptr_next(name, FALSE);
fail_unless(res == NULL, "Found next config unexpectedly");
fail_unless(errno == ENOENT, "Failed to set errno to ENOENT, got %d (%s)",
errno, strerror(errno));
/* Now add another config, find "foo" again; this time, a 'next' should
* NOT be empty; it should find the 2nd config we added.
*/
name = "foo2";
c = add_config_param_set(&set, name, 1, "baz");
fail_unless(c != NULL, "Failed to add config '%s': %s", name,
strerror(errno));
get_param_ptr(NULL, NULL, FALSE);
name = NULL;
res = get_param_ptr(set, name, FALSE);
fail_unless(res != NULL, "Failed to find any config: %s", strerror(errno));
mark_point();
res = get_param_ptr_next(name, FALSE);
fail_unless(res != NULL, "Expected to find another config");
mark_point();
name = "foo";
count = remove_config(set, name, FALSE);
fail_unless(count > 0, "Failed to remove config '%s': %s", name,
strerror(errno));
mark_point();
res = get_param_ptr(set, name, FALSE);
fail_unless(res == NULL, "Found config '%s' unexpectedly", name);
fail_unless(errno == ENOENT, "Failed to set errno to ENOENT, got %d (%s)",
errno, strerror(errno));
}
END_TEST
START_TEST (find_config2_test) {
int res;
config_rec *c;
xaset_t *set = NULL;
const char *name;
unsigned long flags = 0;
c = find_config2(NULL, -1, NULL, FALSE, flags);
fail_unless(c == NULL, "Failed to handle null arguments");
fail_unless(errno == EINVAL, "Failed to set errno to EINVAL, got %d (%s)",
errno, strerror(errno));
mark_point();
name = "foo";
c = add_config_param_set(&set, name, 0);
fail_unless(c != NULL, "Failed to add config '%s': %s", name,
strerror(errno));
name = "bar";
c = find_config2(set, -1, name, FALSE, flags);
fail_unless(c == NULL, "Failed to handle null arguments");
fail_unless(errno == ENOENT, "Failed to set errno to ENOENT, got %d (%s)",
errno, strerror(errno));
mark_point();
/* We expect to find "foo", but a 'next' should be empty. */
name = "foo";
c = find_config2(set, -1, name, FALSE, flags);
fail_unless(c != NULL, "Failed to find config '%s': %s", name,
strerror(errno));
mark_point();
c = find_config_next2(c, c->next, -1, name, FALSE, flags);
fail_unless(c == NULL, "Found next config unexpectedly");
fail_unless(errno == ENOENT, "Failed to set errno to ENOENT, got %d (%s)",
errno, strerror(errno));
/* Now add another config, find "foo" again; this time, a 'next' should
* NOT be empty; it should find the 2nd config we added.
*/
name = "foo2";
c = add_config_param_set(&set, name, 0);
fail_unless(c != NULL, "Failed to add config '%s': %s", name,
strerror(errno));
name = NULL;
c = find_config2(set, -1, name, FALSE, flags);
fail_unless(c != NULL, "Failed to find any config: %s", strerror(errno));
mark_point();
c = find_config_next2(c, c->next, -1, name, FALSE, flags);
fail_unless(c != NULL, "Expected to find another config");
mark_point();
name = "foo";
res = remove_config(set, name, FALSE);
fail_unless(res > 0, "Failed to remove config '%s': %s", name,
strerror(errno));
mark_point();
c = find_config2(set, -1, name, FALSE, flags);
fail_unless(c == NULL, "Found config '%s' unexpectedly", name);
fail_unless(errno == ENOENT, "Failed to set errno to ENOENT, got %d (%s)",
errno, strerror(errno));
}
