MODRET authfile_chkpass(cmd_rec *cmd) {
const char *ciphertxt_pass = cmd->argv[0];
const char *cleartxt_pass = cmd->argv[2];
char *crypted_pass = NULL;
size_t ciphertxt_passlen = 0;
int xerrno;
if (ciphertxt_pass == NULL) {
pr_log_debug(DEBUG2, MOD_AUTH_FILE_VERSION
": missing ciphertext password for comparison");
return PR_DECLINED(cmd);
}
if (cleartxt_pass == NULL) {
pr_log_debug(DEBUG2, MOD_AUTH_FILE_VERSION
": missing client-provided password for comparison");
return PR_DECLINED(cmd);
}
/* Even though the AuthUserFile is not used here, there must be one
* configured before this function should attempt to check the password.
* Otherwise, it could be checking a password retrieved by some other
* auth module.
*/
if (af_user_file == NULL) {
return PR_DECLINED(cmd);
}
crypted_pass = crypt(cleartxt_pass, ciphertxt_pass);
xerrno = errno;
ciphertxt_passlen = strlen(ciphertxt_pass);
if (handle_empty_salt == TRUE &&
ciphertxt_passlen == 0) {
crypted_pass = "";
}
if (crypted_pass == NULL) {
const char *user;
user = cmd->argv[1];
pr_log_debug(DEBUG0, MOD_AUTH_FILE_VERSION
": error using crypt(3) for user '%s': %s", user, strerror(xerrno));
if (ciphertxt_passlen > 0 &&
(xerrno == EINVAL ||
xerrno == EPERM)) {
check_unsupported_algo(user, ciphertxt_pass, ciphertxt_passlen);
}
return PR_DECLINED(cmd);
}
if (strcmp(crypted_pass, ciphertxt_pass) == 0) {
session.auth_mech = "mod_auth_file.c";
return PR_HANDLED(cmd);
}
return PR_DECLINED(cmd);
}
MODRET authfile_setpwent(cmd_rec *cmd) {
if (af_setpwent(cmd->tmp_pool) == 0) {
return PR_DECLINED(cmd);
}
return PR_DECLINED(cmd);
}
MODRET authfile_auth(cmd_rec *cmd) {
char *tmp = NULL, *cleartxt_pass = NULL;
const char *name = cmd->argv[0];
if (af_setpwent() < 0)
return PR_DECLINED(cmd);
/* Lookup the cleartxt password for this user. */
tmp = af_getpwpass(name);
if (tmp == NULL) {
/* For now, return DECLINED. Ideally, we could stash an auth module
* identifier in the session structure, so that all auth modules could
* coordinate/use their methods as long as they matched the auth module
* used.
*/
return PR_DECLINED(cmd);
#if 0
/* When the above is implemented, and if the user being checked was
* provided by mod_auth_file, we'd return this.
*/
return PR_ERROR_INT(cmd, PR_AUTH_NOPWD);
#endif
}
cleartxt_pass = pstrdup(cmd->tmp_pool, tmp);
if (pr_auth_check(cmd->tmp_pool, cleartxt_pass, name, cmd->argv[1]))
return PR_ERROR_INT(cmd, PR_AUTH_BADPWD);
session.auth_mech = "mod_auth_file.c";
return PR_HANDLED(cmd);
}
MODRET authfile_setgrent(cmd_rec *cmd) {
if (af_setgrent() == 0) {
return PR_DECLINED(cmd);
}
return PR_DECLINED(cmd);
}
MODRET authfile_uid2name(cmd_rec *cmd) {
struct passwd *pwd = NULL;
if (af_setpwent() < 0)
return PR_DECLINED(cmd);
pwd = af_getpwuid(*((uid_t *) cmd->argv[0]));
return pwd ? mod_create_data(cmd, pwd->pw_name) : PR_DECLINED(cmd);
}
MODRET authfile_gid2name(cmd_rec *cmd) {
struct group *grp = NULL;
if (af_setgrent() < 0)
return PR_DECLINED(cmd);
grp = af_getgrgid(*((gid_t *) cmd->argv[0]));
return grp ? mod_create_data(cmd, grp->gr_name) : PR_DECLINED(cmd);
}
MODRET authfile_name2uid(cmd_rec *cmd) {
struct passwd *pwd = NULL;
if (af_setpwent() < 0)
return PR_DECLINED(cmd);
pwd = af_getpwnam(cmd->argv[0]);
return pwd ? mod_create_data(cmd, (void *) &pwd->pw_uid) : PR_DECLINED(cmd);
}
MODRET authfile_name2gid(cmd_rec *cmd) {
struct group *grp = NULL;
if (af_setgrent() < 0)
return PR_DECLINED(cmd);
grp = af_getgrnam(cmd->argv[0]);
return grp ? mod_create_data(cmd, (void *) &grp->gr_gid) : PR_DECLINED(cmd);
}
MODRET lmd_deny_blacklist_post_pass(cmd_rec *cmd) {
/*
mod_authを通過するまでは session.userは空の様子
const char *account = session.user;
*/
const char *account = NULL;
const char *remote_ip = NULL;
/* return IP unless found hostname */
account = get_param_ptr(cmd->server->conf, "UserName", FALSE);
remote_ip = pr_netaddr_get_ipstr(pr_netaddr_get_sess_remote_addr());
if(false == is_set_server) {
pr_log_auth(PR_LOG_WARNING, "%s: memcached_server not set", MODULE_NAME);
lmd_cleanup();
return PR_DECLINED(cmd);
}
if(is_allowed_user(cmd, account) == true) {
pr_log_auth(PR_LOG_NOTICE,
"%s: '%s' is allowed to login. skip last process", MODULE_NAME, account);
lmd_cleanup();
return PR_DECLINED(cmd);
}
/* allow explicily */
if(is_allowed(cmd, session.c->remote_addr) == true) {
return PR_DECLINED(cmd);
}
/* check whether account is registerd in blacklist or not */
if(is_cache_exits(memcached_deny_blacklist_mmc, account) == true) {
pr_log_auth(PR_LOG_NOTICE,
"%s: denied '%s@%s'. Account found in blacklist(memcached)",
MODULE_NAME, account, remote_ip);
pr_response_send(R_530, _("Login denied temporary (Account found in blacklist)"));
end_login(0);
}
/* check whether remote IP is registerd in blacklist or not */
if(is_cache_exits(memcached_deny_blacklist_mmc, remote_ip) == true) {
pr_log_auth(PR_LOG_NOTICE,
"%s: denied '%s@%s'. IP found in blacklist(memcached)",
MODULE_NAME, account, remote_ip);
pr_response_send(R_530, _("Login denied temporary (IP found in blacklist)"));
end_login(0);
}
pr_log_debug(DEBUG2,
"%s: not found in blaclist. '%s@%s' is allowed to Login",
MODULE_NAME, account, remote_ip);
lmd_cleanup();
return PR_DECLINED(cmd);
}
MODRET authfile_getgrgid(cmd_rec *cmd) {
struct group *grp = NULL;
gid_t gid = *((gid_t *) cmd->argv[0]);
if (af_setgrent() < 0)
return PR_DECLINED(cmd);
grp = af_getgrgid(gid);
return grp ? mod_create_data(cmd, grp) : PR_DECLINED(cmd);
}
MODRET authfile_getpwuid(cmd_rec *cmd) {
struct passwd *pwd = NULL;
uid_t uid = *((uid_t *) cmd->argv[0]);
if (af_setpwent() < 0)
return PR_DECLINED(cmd);
pwd = af_getpwuid(uid);
return pwd ? mod_create_data(cmd, pwd) : PR_DECLINED(cmd);
}
MODRET copy_log_site(cmd_rec *cmd) {
if (copy_engine == FALSE) {
return PR_DECLINED(cmd);
}
if (cmd->argc < 3 ||
strncasecmp(cmd->argv[1], "CPTO", 5) != 0) {
return PR_DECLINED(cmd);
}
/* Delete the stashed CPFR path from the session.notes table. */
(void) pr_table_remove(session.notes, "mod_copy.cpfr-path", NULL);
return PR_DECLINED(cmd);
}
MODRET counter_writer_done(cmd_rec *cmd) {
pr_fh_t *fh;
if (counter_engine == FALSE) {
return PR_DECLINED(cmd);
}
if (!(counter_pending & COUNTER_HAVE_WRITER)) {
return PR_DECLINED(cmd);
}
fh = counter_get_fh(cmd->tmp_pool, counter_curr_path);
if (fh == NULL) {
(void) pr_log_writefile(counter_logfd, MOD_COUNTER_VERSION,
"%s: no CounterFile found for path '%s'", (char *) cmd->argv[0],
counter_curr_path);
/* No CounterFile configured/available for this path. */
return PR_DECLINED(cmd);
}
if (counter_curr_semid == -1) {
counter_curr_semid = counter_get_sem(fh, counter_curr_path);
if (counter_curr_semid < 0) {
(void) pr_log_writefile(counter_logfd, MOD_COUNTER_VERSION,
"unable to get semaphore for '%s': %s", counter_curr_path,
strerror(errno));
return PR_DECLINED(cmd);
}
}
if (counter_remove_writer(fh, counter_curr_semid) < 0) {
(void) pr_log_writefile(counter_logfd, MOD_COUNTER_VERSION,
"error removing writer for '%s': %s", counter_curr_path,
strerror(errno));
} else {
(void) pr_log_writefile(counter_logfd, MOD_COUNTER_VERSION,
"removed writer counter for '%s' (semaphore ID %d)", counter_curr_path,
counter_curr_semid);
counter_curr_path = NULL;
counter_curr_semid = -1;
counter_pending &= ~COUNTER_HAVE_WRITER;
}
return PR_DECLINED(cmd);
}
MODRET authfile_getpwent(cmd_rec *cmd) {
struct passwd *pwd = NULL;
pwd = af_getpwent();
return pwd ? mod_create_data(cmd, pwd) : PR_DECLINED(cmd);
}
MODRET memcache_post_host(cmd_rec *cmd) {
/* If the HOST command changed the main_server pointer, reinitialize
* ourselves.
*/
if (session.prev_server != NULL) {
int res;
config_rec *c;
pr_event_unregister(&memcache_module, "core.exit", mcache_exit_ev);
(void) close(memcache_logfd);
c = find_config(session.prev_server->conf, CONF_PARAM, "MemcacheServers",
FALSE);
if (c != NULL) {
memcached_server_st *memcache_servers;
memcache_servers = c->argv[0];
memcache_set_servers(memcache_servers);
}
/* XXX Restore other memcache settings? */
res = mcache_sess_init();
if (res < 0) {
pr_session_disconnect(&memcache_module,
PR_SESS_DISCONNECT_SESSION_INIT_FAILED, NULL);
}
}
return PR_DECLINED(cmd);
}
MODRET pw_auth(cmd_rec *cmd) {
time_t now;
char *cpw;
time_t lstchg = -1, max = -1, inact = -1, disable = -1;
const char *name;
name = cmd->argv[0];
time(&now);
cpw = _get_pw_info(cmd->tmp_pool, name, &lstchg, NULL, &max, NULL, &inact,
&disable);
if (!cpw)
return PR_DECLINED(cmd);
if (pr_auth_check(cmd->tmp_pool, cpw, cmd->argv[0], cmd->argv[1]))
return PR_ERROR_INT(cmd, PR_AUTH_BADPWD);
if (lstchg > (time_t) 0 &&
max > (time_t) 0 &&
inact > (time_t)0)
if (now > lstchg + max + inact)
return PR_ERROR_INT(cmd, PR_AUTH_AGEPWD);
if (disable > (time_t) 0 &&
now > disable)
return PR_ERROR_INT(cmd, PR_AUTH_DISABLEDPWD);
session.auth_mech = "mod_auth_unix.c";
return PR_HANDLED(cmd);
}
MODRET authfile_getgrent(cmd_rec *cmd) {
struct group *grp = NULL;
grp = af_getgrent();
return grp ? mod_create_data(cmd, grp) : PR_DECLINED(cmd);
}
MODRET limit_login_post_pass(cmd_rec *cmd) {
/*
* PASSを通過すると cmd->server->conf にユーザー名が入る様子
* get_param_ptr()で取れる
*/
char *user = get_param_ptr(cmd->server->conf, "UserName", FALSE);
if(!user) {
pr_log_auth(PR_LOG_NOTICE, "User unknown. Something Wrong");
pr_response_send(R_530, _("Login incorrect."));
end_login(0);
}
int dummy;
if(session.dir_config &&
session.dir_config->subset &&
!login_check_limits(session.dir_config->subset, FALSE, TRUE ,&dummy)) {
remove_config(cmd->server->conf, C_USER, FALSE);
remove_config(cmd->server->conf, C_PASS, FALSE);
pr_log_auth(PR_LOG_NOTICE, "%s: Limit access denies login.", user);
pr_response_send(R_530, _("Login Denied."));
end_login(0);
}
pr_log_debug(DEBUG5, "%s: ok login_check_limits() post PASS", user);
return PR_DECLINED(cmd);
}
MODRET copy_post_pass(cmd_rec *cmd) {
config_rec *c;
if (copy_engine == FALSE) {
return PR_DECLINED(cmd);
}
/* The CopyEngine directive may have been changed for this user by
* e.g. mod_ifsession, thus we check again.
*/
c = find_config(main_server->conf, CONF_PARAM, "CopyEngine", FALSE);
if (c != NULL) {
copy_engine = *((int *) c->argv[0]);
}
return PR_DECLINED(cmd);
}
MODRET authfile_getgrnam(cmd_rec *cmd) {
struct group *grp = NULL;
const char *name = cmd->argv[0];
if (af_setgrent() < 0)
return PR_DECLINED(cmd);
while ((grp = af_getgrent()) != NULL) {
if (strcmp(name, grp->gr_name) == 0) {
/* Found the name requested */
break;
}
}
return grp ? mod_create_data(cmd, grp) : PR_DECLINED(cmd);
}
MODRET sftppam_auth(cmd_rec *cmd) {
if (!sftppam_handle_auth) {
return PR_DECLINED(cmd);
}
if (sftppam_auth_code != PR_AUTH_OK) {
if (sftppam_authoritative) {
return PR_ERROR_INT(cmd, sftppam_auth_code);
}
return PR_DECLINED(cmd);
}
session.auth_mech = "mod_sftp_pam.c";
pr_event_register(&sftp_pam_module, "core.exit", sftppam_exit_ev, NULL);
return PR_HANDLED(cmd);
}
MODRET pw_endgrent(cmd_rec *cmd) {
if (persistent_passwd)
p_endgrent();
else
endgrent();
return PR_DECLINED(cmd);
}
MODRET pw_setpwent(cmd_rec *cmd) {
if (persistent_passwd)
p_setpwent();
else
setpwent();
return PR_DECLINED(cmd);
}
MODRET authfile_getpwnam(cmd_rec *cmd) {
struct passwd *pwd = NULL;
const char *name = cmd->argv[0];
if (af_setpwent() < 0)
return PR_DECLINED(cmd);
/* Ugly -- we iterate through the file. Time-consuming. */
while ((pwd = af_getpwent()) != NULL) {
if (strcmp(name, pwd->pw_name) == 0) {
/* Found the requested name */
break;
}
}
return pwd ? mod_create_data(cmd, pwd) : PR_DECLINED(cmd);
}
MODRET authfile_chkpass(cmd_rec *cmd) {
const char *ciphertxt_pass = cmd->argv[0];
const char *cleartxt_pass = cmd->argv[2];
char *crypted_pass = NULL;
if (!ciphertxt_pass) {
pr_log_debug(DEBUG2, MOD_AUTH_FILE_VERSION
": missing ciphertext password for comparison");
return PR_DECLINED(cmd);
}
if (!cleartxt_pass) {
pr_log_debug(DEBUG2, MOD_AUTH_FILE_VERSION
": missing client-provided password for comparison");
return PR_DECLINED(cmd);
}
/* Even though the AuthUserFile is not used here, there must be one
* configured before this function should attempt to check the password.
* Otherwise, it could be checking a password retrieved by some other
* auth module.
*/
if (!af_user_file)
return PR_DECLINED(cmd);
crypted_pass = crypt(cleartxt_pass, ciphertxt_pass);
if (handle_empty_salt == TRUE &&
strlen(ciphertxt_pass) == 0) {
crypted_pass = "";
}
if (crypted_pass == NULL) {
pr_log_debug(DEBUG0, MOD_AUTH_FILE_VERSION
": error using crypt(3): %s", strerror(errno));
return PR_DECLINED(cmd);
}
if (strcmp(crypted_pass, ciphertxt_pass) == 0) {
session.auth_mech = "mod_auth_file.c";
return PR_HANDLED(cmd);
}
return PR_DECLINED(cmd);
}
MODRET pw_setpwent(cmd_rec *cmd) {
if (unix_persistent_passwd) {
p_setpwent();
} else {
setpwent();
}
return PR_DECLINED(cmd);
}
MODRET pw_endgrent(cmd_rec *cmd) {
if (unix_persistent_passwd) {
p_endgrent();
} else {
endgrent();
}
return PR_DECLINED(cmd);
}
MODRET pw_getpwent(cmd_rec *cmd) {
struct passwd *pw;
if (persistent_passwd)
pw = p_getpwent();
else
pw = getpwent();
return pw ? mod_create_data(cmd, pw) : PR_DECLINED(cmd);
}
MODRET pw_getgrent(cmd_rec *cmd) {
struct group *gr;
if (persistent_passwd)
gr = p_getgrent();
else
gr = getgrent();
return gr ? mod_create_data(cmd, gr) : PR_DECLINED(cmd);
}
MODRET handle_getpwnam(cmd_rec *cmd) {
const char *name;
name = cmd->argv[0];
getpwnam_count++;
if (strcmp(name, PR_TEST_AUTH_NAME) != 0) {
return PR_DECLINED(cmd);
}
return mod_create_data(cmd, &test_pwd);
}
