unsigned int iptrack_get(const struct sockaddr_storage * const ip)
{
unsigned int c = 0U;
unsigned int nb = 0U;
if (iptrack_list == NULL) {
return 0U;
}
do {
if (iptrack_list[c].pid != (pid_t) 0 &&
STORAGE_FAMILY(iptrack_list[c].ip) == STORAGE_FAMILY(*ip)) {
if (STORAGE_FAMILY(iptrack_list[c].ip) == AF_INET &&
STORAGE_SIN_ADDR(iptrack_list[c].ip) == STORAGE_SIN_ADDR(*ip)) {
nb++;
} else if (STORAGE_FAMILY(iptrack_list[c].ip) == AF_INET6 &&
IN6_ARE_ADDR_EQUAL
(&STORAGE_SIN_ADDR6_NF(iptrack_list[c].ip),
&STORAGE_SIN_ADDR6_NF(*ip))) {
nb++;
}
}
c++;
} while (c < maxusers);
return nb;
}
static unsigned int iptrack_find_ip_or_shift
(const struct sockaddr_storage * const ip)
{
unsigned int c = 0U;
do {
if (iptrack_list[c].pid != (pid_t) 0 &&
STORAGE_FAMILY(iptrack_list[c].ip) != STORAGE_FAMILY(*ip)) {
if (STORAGE_FAMILY(iptrack_list[c].ip) == AF_INET &&
STORAGE_SIN_ADDR(iptrack_list[c].ip) == STORAGE_SIN_ADDR(*ip)) {
return c;
} else if (STORAGE_FAMILY(iptrack_list[c].ip) == AF_INET6 &&
IN6_ARE_ADDR_EQUAL
(&STORAGE_SIN_ADDR6_NF(iptrack_list[c].ip),
&STORAGE_SIN_ADDR6_NF(*ip))) {
return c;
}
}
c++;
} while (c < maxusers);
c--;
if (c != 0U) {
memmove(&(iptrack_list[0]), &(iptrack_list[1]), /* safe */
(sizeof iptrack_list[0]) * c);
}
return c;
}
int filter_overwrite_sa_with_reply_map(const msgpack_object_map * const map,
const char * const key_host,
const char * const key_port,
struct sockaddr_storage * const sa,
socklen_t * const sa_len)
{
if (sa == NULL) {
return 0;
}
const msgpack_object * const obj_host =
msgpack_get_map_value_for_key(map, key_host);
if (obj_host != NULL &&
obj_host->type == MSGPACK_OBJECT_RAW &&
obj_host->via.raw.size > 0 &&
obj_host->via.raw.size < NI_MAXHOST) {
struct addrinfo *ai, hints;
memset(&hints, 0, sizeof hints);
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
hints.ai_flags = NI_NUMERICHOST | AI_ADDRCONFIG;
char new_host[NI_MAXHOST];
memcpy(new_host, obj_host->via.raw.ptr,
obj_host->via.raw.size);
new_host[obj_host->via.raw.size] = 0;
const int gai_err = getaddrinfo(new_host, NULL, &hints, &ai);
if (gai_err == 0) {
assert(ai->ai_addrlen <= sizeof *sa);
if (ai->ai_family == AF_INET &&
*sa_len >= (socklen_t) sizeof(STORAGE_SIN_ADDR(*sa))) {
assert((size_t) ai->ai_addrlen >=
sizeof(STORAGE_SIN_ADDR(*sa)));
memcpy(&STORAGE_SIN_ADDR(*sa),
&STORAGE_SIN_ADDR(* (struct sockaddr_storage *)
(void *) ai->ai_addr),
sizeof(STORAGE_SIN_ADDR(*sa)));
*sa_len = ai->ai_addrlen;
STORAGE_FAMILY(*sa) = ai->ai_family;
SET_STORAGE_LEN(*sa, ai->ai_addrlen);
} else if (ai->ai_family == AF_INET6 &&
*sa_len >= (socklen_t) sizeof(STORAGE_SIN_ADDR6(*sa))) {
assert((size_t) ai->ai_addrlen >=
sizeof(STORAGE_SIN_ADDR6(*sa)));
memcpy(&STORAGE_SIN_ADDR6(*sa),
&STORAGE_SIN_ADDR6(* (struct sockaddr_storage *)
(void *) ai->ai_addr),
sizeof(STORAGE_SIN_ADDR6(*sa)));
*sa_len = ai->ai_addrlen;
STORAGE_FAMILY(*sa) = ai->ai_family;
SET_STORAGE_LEN(*sa, ai->ai_addrlen);
}
freeaddrinfo(ai);
}
}
const msgpack_object * const obj_port =
msgpack_get_map_value_for_key(map, key_port);
if (obj_port != NULL &&
obj_port->type == MSGPACK_OBJECT_POSITIVE_INTEGER) {
if (obj_port->via.i64 >= 0 &&
obj_port->via.i64 <= 65535) {
if (STORAGE_FAMILY(*sa) == AF_INET) {
STORAGE_PORT(*sa) = htons((in_port_t) obj_port->via.i64);
} else if (STORAGE_FAMILY(*sa) == AF_INET6) {
STORAGE_PORT6(*sa) = htons((in_port_t) obj_port->via.i64);
}
}
}
return 0;
}
void pw_pgsql_check(AuthResult * const result,
const char *account, const char *password,
const struct sockaddr_storage * const sa,
const struct sockaddr_storage * const peer)
{
PGconn *id_sql_server = NULL;
const char *spwd = NULL; /* stored password */
const char *uid = sql_default_uid; /* stored system login/uid */
const char *gid = sql_default_gid; /* stored system group/gid */
const char *dir = NULL; /* stored home directory */
#ifdef QUOTAS
const char *sqta_fs = NULL; /* stored quota files */
const char *sqta_sz = NULL; /* stored quota size */
#endif
#ifdef RATIOS
const char *ratio_ul = NULL; /* stored ratio UL */
const char *ratio_dl = NULL; /* stored ratio DL */
#endif
#ifdef THROTTLING
const char *bandwidth_ul = NULL; /* stored bandwidth UL */
const char *bandwidth_dl = NULL; /* stored bandwidth DL */
#endif
char *escaped_account = NULL;
char *escaped_ip = NULL;
char *escaped_port = NULL;
char *escaped_peer_ip = NULL;
char *escaped_decimal_ip = NULL;
char *scrambled_password = NULL;
int committed = 1;
int crypto_crypt = 0, crypto_plain = 0, crypto_md5 = 0;
unsigned long decimal_ip_num = 0UL;
char decimal_ip[42];
char hbuf[NI_MAXHOST];
char pbuf[NI_MAXSERV];
char phbuf[NI_MAXHOST];
result->auth_ok = 0;
if (pw_pgsql_validate_name(account) != 0) {
goto bye;
}
if (getnameinfo((const struct sockaddr *) sa, STORAGE_LEN(*sa),
hbuf, sizeof hbuf, pbuf, sizeof pbuf,
NI_NUMERICHOST | NI_NUMERICSERV) != 0 ||
getnameinfo((const struct sockaddr *) peer, STORAGE_LEN(*peer),
phbuf, sizeof phbuf, NULL, (size_t) 0U,
NI_NUMERICHOST) != 0) {
goto bye;
}
*decimal_ip = 0;
if (STORAGE_FAMILY(*peer) == AF_INET) {
const unsigned char *decimal_ip_raw =
(const unsigned char *) &(STORAGE_SIN_ADDR(*peer));
decimal_ip_num = (decimal_ip_raw[0] << 24) |
(decimal_ip_raw[1] << 16) | (decimal_ip_raw[2] << 8) |
decimal_ip_raw[3];
if (SNCHECK(snprintf(decimal_ip, sizeof decimal_ip,
"%lu", decimal_ip_num), sizeof decimal_ip)) {
goto bye;
}
}
if (pw_pgsql_connect(&id_sql_server) != 0) {
goto bye;
}
if ((escaped_account =
pw_pgsql_escape_string(account)) == NULL) {
goto bye;
}
if ((escaped_ip =
pw_pgsql_escape_string(hbuf)) == NULL) {
goto bye;
}
if ((escaped_port =
pw_pgsql_escape_string(pbuf)) == NULL) {
goto bye;
}
if ((escaped_peer_ip =
pw_pgsql_escape_string(phbuf)) == NULL) {
goto bye;
}
if ((escaped_decimal_ip =
pw_pgsql_escape_string(decimal_ip)) == NULL) {
goto bye;
}
if (pw_pgsql_simplequery(id_sql_server, PGSQL_TRANSACTION_START) == 0) {
committed = 0;
}
if ((spwd = pw_pgsql_getquery(id_sql_server, sqlreq_getpw,
escaped_account, escaped_ip,
escaped_port, escaped_peer_ip,
escaped_decimal_ip)) == NULL) {
goto bye;
}
if (uid == NULL) {
uid = pw_pgsql_getquery(id_sql_server, sqlreq_getuid,
escaped_account, escaped_ip,
escaped_port, escaped_peer_ip,
escaped_decimal_ip);
}
if (uid == NULL) {
goto bye;
}
if (gid == NULL) {
gid = pw_pgsql_getquery(id_sql_server, sqlreq_getgid,
escaped_account, escaped_ip,
escaped_port, escaped_peer_ip,
escaped_decimal_ip);
}
if (gid == NULL) {
goto bye;
}
if ((dir = pw_pgsql_getquery(id_sql_server, sqlreq_getdir,
escaped_account, escaped_ip,
escaped_port, escaped_peer_ip,
escaped_decimal_ip)) == NULL) {
goto bye;
}
result->auth_ok--; /* -1 */
if (strcasecmp(crypto, PASSWD_SQL_ANY) == 0) {
crypto_crypt++;
crypto_md5++;
} else if (strcasecmp(crypto, PASSWD_SQL_CRYPT) == 0) {
crypto_crypt++;
} else if (strcasecmp(crypto, PASSWD_SQL_MD5) == 0) {
crypto_md5++;
} else { /* default to plaintext */
crypto_plain++;
}
if (crypto_crypt != 0) {
register const char *crypted;
if ((crypted = (const char *) crypt(password, spwd)) != NULL &&
strcmp(crypted, spwd) == 0) {
goto auth_ok;
}
}
if (crypto_md5 != 0) {
register const char *crypted;
if ((crypted = (const char *) crypto_hash_md5(password, 1)) != NULL &&
strcmp(crypted, spwd) == 0) {
goto auth_ok;
}
}
if (crypto_plain != 0) {
if (*password != 0 && /* refuse null cleartext passwords */
strcmp(password, spwd) == 0) {
goto auth_ok;
}
}
goto bye;
auth_ok:
/*
* do *NOT* accept root uid/gid - if the database is compromized, the FTP
* server could also be rooted.
*/
result->uid = (uid_t) strtoul(uid, NULL, 10);
if (result->uid <= (uid_t) 0) {
struct passwd *pw;
if ((pw = getpwnam(uid)) == NULL || pw->pw_uid <= (uid_t) 0) {
goto bye;
}
result->uid = pw->pw_uid;
}
result->gid = (gid_t) strtoul(gid, NULL, 10);
if (result->gid <= (gid_t) 0) {
struct group *gr;
if ((gr = getgrnam(gid)) == NULL || gr->gr_gid <= (gid_t) 0) {
goto bye;
}
result->gid = gr->gr_gid;
}
result->dir = dir;
dir = NULL;
#ifdef QUOTAS
if ((sqta_fs = pw_pgsql_getquery(id_sql_server, sqlreq_getqta_fs,
escaped_account, escaped_ip,
escaped_port, escaped_peer_ip,
escaped_decimal_ip)) != NULL) {
const unsigned long long q = strtoull(sqta_fs, NULL, 10);
if (q > 0ULL) {
result->user_quota_files = q;
result->quota_files_changed = 1;
}
}
if ((sqta_sz = pw_pgsql_getquery(id_sql_server, sqlreq_getqta_sz,
escaped_account, escaped_ip,
escaped_port, escaped_peer_ip,
escaped_decimal_ip)) != NULL) {
const unsigned long long q = strtoull(sqta_sz, NULL, 10);
if (q > 0ULL) {
result->user_quota_size = q * (1024UL * 1024UL);
result->quota_size_changed = 1;
}
}
#endif
#ifdef RATIOS
if ((ratio_ul = pw_pgsql_getquery(id_sql_server, sqlreq_getratio_ul,
escaped_account, escaped_ip,
escaped_port, escaped_peer_ip,
escaped_decimal_ip)) != NULL) {
const unsigned int q = (unsigned int) strtoul(ratio_ul, NULL, 10);
if (q > 0U) {
result->ratio_upload = q;
result->ratio_ul_changed = 1;
}
}
if ((ratio_dl = pw_pgsql_getquery(id_sql_server, sqlreq_getratio_dl,
escaped_account, escaped_ip,
escaped_port, escaped_peer_ip,
escaped_decimal_ip)) != NULL) {
const unsigned int q = (unsigned int) strtoul(ratio_dl, NULL, 10);
if (q > 0U) {
result->ratio_download = q;
result->ratio_dl_changed = 1;
}
}
#endif
#ifdef THROTTLING
if ((bandwidth_ul = pw_pgsql_getquery(id_sql_server, sqlreq_getbandwidth_ul,
escaped_account, escaped_ip,
escaped_port, escaped_peer_ip,
escaped_decimal_ip)) != NULL) {
const unsigned long q = (unsigned long) strtoul(bandwidth_ul, NULL, 10);
if (q > 0UL) {
result->throttling_bandwidth_ul = q * 1024UL;
result->throttling_ul_changed = 1;
}
}
if ((bandwidth_dl = pw_pgsql_getquery(id_sql_server, sqlreq_getbandwidth_dl,
escaped_account, escaped_ip,
escaped_port, escaped_peer_ip,
escaped_decimal_ip)) != NULL) {
const unsigned long q = (unsigned long) strtoul(bandwidth_dl, NULL, 10);
if (q > 0UL) {
result->throttling_bandwidth_dl = q * 1024UL;
result->throttling_dl_changed = 1;
}
}
#endif
result->slow_tilde_expansion = 1;
result->auth_ok =- result->auth_ok;
bye:
if (committed == 0) {
(void) pw_pgsql_simplequery(id_sql_server, PGSQL_TRANSACTION_END);
}
if (id_sql_server != NULL) {
PQfinish(id_sql_server);
}
free((void *) spwd);
if (uid != sql_default_uid) {
free((void *) uid);
}
if (gid != sql_default_gid) {
free((void *) gid);
}
free((void *) dir);
free(scrambled_password);
#ifdef QUOTAS
free((void *) sqta_fs);
free((void *) sqta_sz);
#endif
#ifdef RATIOS
free((void *) ratio_ul);
free((void *) ratio_dl);
#endif
#ifdef THROTTLING
free((void *) bandwidth_ul);
free((void *) bandwidth_dl);
#endif
free((void *) escaped_account);
free((void *) escaped_ip);
free((void *) escaped_port);
free((void *) escaped_peer_ip);
free((void *) escaped_decimal_ip);
}
