static int pw_pgsql_connect(PGconn ** const id_sql_server) { char *conninfo = NULL; size_t sizeof_conninfo; char *escaped_server = NULL; char *escaped_db = NULL; char *escaped_user = NULL; char *escaped_pw = NULL; int ret = -1; *id_sql_server = NULL; if ((escaped_server = pw_pgsql_escape_string(server)) == NULL || (escaped_db = pw_pgsql_escape_string(db)) == NULL || (escaped_user = pw_pgsql_escape_string(user)) == NULL || (escaped_pw = pw_pgsql_escape_string(pw)) == NULL) { goto bye; } #define PGSQL_CONNECT_FMTSTRING \ "host='%s' port='%d' dbname='%s' user='******' password='******'" sizeof_conninfo = sizeof PGSQL_CONNECT_FMTSTRING + strlen(escaped_server) + (size_t) 5U + strlen(escaped_db) + strlen(escaped_user) + strlen(escaped_pw); if ((conninfo = malloc(sizeof_conninfo)) == NULL) { goto bye; } if (SNCHECK(snprintf(conninfo, sizeof_conninfo, PGSQL_CONNECT_FMTSTRING, server, port, db, user, pw), sizeof_conninfo)) { goto bye; } if ((*id_sql_server = PQconnectdb(conninfo)) == NULL || PQstatus(*id_sql_server) == CONNECTION_BAD) { free(conninfo); if (server_down == 0) { server_down++; logfile(LOG_ERR, MSG_SQL_DOWN); } goto bye; } server_down = 0; ret = 0; bye: free(conninfo); free(escaped_server); free(escaped_db); free(escaped_user); free(escaped_pw); return ret; }
void pw_pgsql_check(AuthResult * const result, const char *account, const char *password, const struct sockaddr_storage * const sa, const struct sockaddr_storage * const peer) { PGconn *id_sql_server = NULL; const char *spwd = NULL; /* stored password */ const char *uid = sql_default_uid; /* stored system login/uid */ const char *gid = sql_default_gid; /* stored system group/gid */ const char *dir = NULL; /* stored home directory */ #ifdef QUOTAS const char *sqta_fs = NULL; /* stored quota files */ const char *sqta_sz = NULL; /* stored quota size */ #endif #ifdef RATIOS const char *ratio_ul = NULL; /* stored ratio UL */ const char *ratio_dl = NULL; /* stored ratio DL */ #endif #ifdef THROTTLING const char *bandwidth_ul = NULL; /* stored bandwidth UL */ const char *bandwidth_dl = NULL; /* stored bandwidth DL */ #endif char *escaped_account = NULL; char *escaped_ip = NULL; char *escaped_port = NULL; char *escaped_peer_ip = NULL; char *escaped_decimal_ip = NULL; char *scrambled_password = NULL; int committed = 1; int crypto_crypt = 0, crypto_plain = 0, crypto_md5 = 0, crypto_md5sha1 = 0; /* TRICK */ unsigned long decimal_ip_num = 0UL; char decimal_ip[42]; char hbuf[NI_MAXHOST]; char pbuf[NI_MAXSERV]; char phbuf[NI_MAXHOST]; result->auth_ok = 0; if (pw_pgsql_validate_name(account) != 0) { goto bye; } if (getnameinfo((const struct sockaddr *) sa, STORAGE_LEN(*sa), hbuf, sizeof hbuf, pbuf, sizeof pbuf, NI_NUMERICHOST | NI_NUMERICSERV) != 0 || getnameinfo((const struct sockaddr *) peer, STORAGE_LEN(*peer), phbuf, sizeof phbuf, NULL, (size_t) 0U, NI_NUMERICHOST) != 0) { goto bye; } *decimal_ip = 0; //if (STORAGE_FAMILY(*peer) == AF_INET) { const unsigned char *decimal_ip_raw = (const unsigned char *) &(STORAGE_SIN_ADDR(*peer)); decimal_ip_num = (decimal_ip_raw[0] << 24) | (decimal_ip_raw[1] << 16) | (decimal_ip_raw[2] << 8) | decimal_ip_raw[3]; if (SNCHECK(snprintf(decimal_ip, sizeof decimal_ip, "%lu", decimal_ip_num), sizeof decimal_ip)) { goto bye; } //} if (pw_pgsql_connect(&id_sql_server) != 0) { goto bye; } if ((escaped_account = pw_pgsql_escape_string(account)) == NULL) { goto bye; } if ((escaped_ip = pw_pgsql_escape_string(hbuf)) == NULL) { goto bye; } if ((escaped_port = pw_pgsql_escape_string(pbuf)) == NULL) { goto bye; } if ((escaped_peer_ip = pw_pgsql_escape_string(phbuf)) == NULL) { goto bye; } if ((escaped_decimal_ip = pw_pgsql_escape_string(decimal_ip)) == NULL) { goto bye; } if (pw_pgsql_simplequery(id_sql_server, PGSQL_TRANSACTION_START) == 0) { committed = 0; } /*logfile(LOG_WARNING, "START AUTH 2 [%s]", sqlreq_getpw); */ if ((spwd = pw_pgsql_getquery(id_sql_server, sqlreq_getpw, escaped_account, escaped_ip, escaped_port, escaped_peer_ip, escaped_decimal_ip)) == NULL) { goto bye; } /*logfile(LOG_WARNING, "START AUTH 3 [%s]", sqlreq_getuid);*/ if (uid == NULL) { uid = pw_pgsql_getquery(id_sql_server, sqlreq_getuid, escaped_account, escaped_ip, escaped_port, escaped_peer_ip, escaped_decimal_ip); } if (uid == NULL) { goto bye; } /*logfile(LOG_WARNING, "START AUTH 4 [%s]", sqlreq_getgid);*/ if (gid == NULL) { gid = pw_pgsql_getquery(id_sql_server, sqlreq_getgid, escaped_account, escaped_ip, escaped_port, escaped_peer_ip, escaped_decimal_ip); } if (gid == NULL) { goto bye; } /*logfile(LOG_WARNING, "START AUTH 5 [%s]", sqlreq_getdir);*/ if ((dir = pw_pgsql_getquery(id_sql_server, sqlreq_getdir, escaped_account, escaped_ip, escaped_port, escaped_peer_ip, escaped_decimal_ip)) == NULL) { goto bye; } result->auth_ok--; /* -1 */ if (strcasecmp(crypto, PASSWD_SQL_ANY) == 0) { crypto_crypt++; crypto_md5++; } else if (strcasecmp(crypto, PASSWD_SQL_CRYPT) == 0) { crypto_crypt++; } else if (strcasecmp(crypto, PASSWD_SQL_MD5) == 0) { crypto_md5++; } else if (strcasecmp(crypto, PASSWD_SQL_MD5SHA1) == 0) { crypto_md5sha1++; /* TRICK */ } else { /* default to plaintext */ crypto_plain++; } if (crypto_crypt != 0) { register const char *crypted; if ((crypted = (const char *) crypt(password, spwd)) != NULL && strcmp(crypted, spwd) == 0) { goto auth_ok; } } if (crypto_md5 != 0) { register const char *crypted; if ((crypted = (const char *) crypto_hash_md5(password, 1)) != NULL && strcmp(crypted, spwd) == 0) { goto auth_ok; } } if (crypto_md5sha1 != 0) { /* TRICK */ register const char *crypted; if ((crypted = (const char *) crypto_hash_sha1(password, 1)) != NULL ) { if ((crypted = (const char *) crypto_hash_md5(crypted, 1)) != NULL && strcmp(crypted, spwd) == 0) { goto auth_ok; } } } if (crypto_plain != 0) { if (*password != 0 && /* refuse null cleartext passwords */ strcmp(password, spwd) == 0) { goto auth_ok; } } goto bye; auth_ok: /* * do *NOT* accept root uid/gid - if the database is compromized, the FTP * server could also be rooted. */ result->uid = (uid_t) strtoul(uid, NULL, 10); if (result->uid <= (uid_t) 0) { struct passwd *pw; if ((pw = getpwnam(uid)) == NULL || pw->pw_uid <= (uid_t) 0) { goto bye; } result->uid = pw->pw_uid; } result->gid = (gid_t) strtoul(gid, NULL, 10); if (result->gid <= (gid_t) 0) { struct group *gr; if ((gr = getgrnam(gid)) == NULL || gr->gr_gid <= (gid_t) 0) { goto bye; } result->gid = gr->gr_gid; } result->dir = dir; dir = NULL; #ifdef QUOTAS if ((sqta_fs = pw_pgsql_getquery(id_sql_server, sqlreq_getqta_fs, escaped_account, escaped_ip, escaped_port, escaped_peer_ip, escaped_decimal_ip)) != NULL) { const unsigned long long q = strtoull(sqta_fs, NULL, 10); if (q > 0ULL) { result->user_quota_files = q; result->quota_files_changed = 1; } } if ((sqta_sz = pw_pgsql_getquery(id_sql_server, sqlreq_getqta_sz, escaped_account, escaped_ip, escaped_port, escaped_peer_ip, escaped_decimal_ip)) != NULL) { const unsigned long long q = strtoull(sqta_sz, NULL, 10); if (q > 0ULL) { result->user_quota_size = q * (1024UL * 1024UL); result->quota_size_changed = 1; } } #endif #ifdef RATIOS if ((ratio_ul = pw_pgsql_getquery(id_sql_server, sqlreq_getratio_ul, escaped_account, escaped_ip, escaped_port, escaped_peer_ip, escaped_decimal_ip)) != NULL) { const unsigned int q = (unsigned int) strtoul(ratio_ul, NULL, 10); if (q > 0U) { result->ratio_upload = q; result->ratio_ul_changed = 1; } } if ((ratio_dl = pw_pgsql_getquery(id_sql_server, sqlreq_getratio_dl, escaped_account, escaped_ip, escaped_port, escaped_peer_ip, escaped_decimal_ip)) != NULL) { const unsigned int q = (unsigned int) strtoul(ratio_dl, NULL, 10); if (q > 0U) { result->ratio_download = q; result->ratio_dl_changed = 1; } } #endif #ifdef THROTTLING if ((bandwidth_ul = pw_pgsql_getquery(id_sql_server, sqlreq_getbandwidth_ul, escaped_account, escaped_ip, escaped_port, escaped_peer_ip, escaped_decimal_ip)) != NULL) { const unsigned long q = (unsigned long) strtoul(bandwidth_ul, NULL, 10); if (q > 0UL) { result->throttling_bandwidth_ul = q * 1024UL; result->throttling_ul_changed = 1; } } if ((bandwidth_dl = pw_pgsql_getquery(id_sql_server, sqlreq_getbandwidth_dl, escaped_account, escaped_ip, escaped_port, escaped_peer_ip, escaped_decimal_ip)) != NULL) { const unsigned long q = (unsigned long) strtoul(bandwidth_dl, NULL, 10); if (q > 0UL) { result->throttling_bandwidth_dl = q * 1024UL; result->throttling_dl_changed = 1; } } #endif result->slow_tilde_expansion = 1; result->auth_ok =- result->auth_ok; bye: if (committed == 0) { (void) pw_pgsql_simplequery(id_sql_server, PGSQL_TRANSACTION_END); } if (id_sql_server != NULL) { PQfinish(id_sql_server); } if (spwd != NULL) { free((void *) spwd); } if (uid != NULL) { free((void *) uid); } if (gid != NULL) { free((void *) gid); } if (dir != NULL) { free((void *) dir); } if (scrambled_password != NULL) { free(scrambled_password); } #ifdef QUOTAS if (sqta_fs != NULL) { free((void *) sqta_fs); } if (sqta_sz != NULL) { free((void *) sqta_sz); } #endif #ifdef RATIOS if (ratio_ul != NULL) { free((void *) ratio_ul); } if (ratio_dl != NULL) { free((void *) ratio_dl); } #endif #ifdef THROTTLING if (bandwidth_ul != NULL) { free((void *) bandwidth_ul); } if (bandwidth_dl != NULL) { free((void *) bandwidth_dl); } #endif if (escaped_account != NULL) { free((void *) escaped_account); } if (escaped_ip != NULL) { free((void *) escaped_ip); } if (escaped_port != NULL) { free((void *) escaped_port); } if (escaped_peer_ip != NULL) { free((void *) escaped_peer_ip); } if (escaped_decimal_ip != NULL) { free((void *) escaped_decimal_ip); } }
int pw_pgsql_connect(PGconn ** const id_sql_server) { char *conninfo = NULL; size_t sizeof_conninfo; char *escaped_server = NULL; char *escaped_db = NULL; char *escaped_user = NULL; char *escaped_pw = NULL; int ret = -1; *id_sql_server = NULL; server = malloc(16); db = malloc(16); user = malloc(16); pw = malloc(16); snprintf( server, 10,"localhost"); snprintf( db, 9,"fastprod"); snprintf( user, 9,"fastprod"); snprintf( pw, 9,"fastprod"); if ((escaped_server = pw_pgsql_escape_string(server)) == NULL || (escaped_db = pw_pgsql_escape_string(db)) == NULL || (escaped_user = pw_pgsql_escape_string(user)) == NULL || (escaped_pw = pw_pgsql_escape_string(pw)) == NULL) { rprintf(FLOG,"ERR escaping\n"); goto bye; } //rprintf(FLOG,"ERR conninfo:%s-%s\n",escaped_server,server); #define PGSQL_CONNECT_FMTSTRING \ "host='%s' port='%d' dbname='%s' user='******' password='******'" sizeof_conninfo = sizeof PGSQL_CONNECT_FMTSTRING + strlen(escaped_server) + (size_t) 5U + strlen(escaped_db) + strlen(escaped_user) + strlen(escaped_pw); if ((conninfo = malloc(sizeof_conninfo)) == NULL) { rprintf(FLOG,"ERR malloc(sizeof_conninfo)\n"); goto bye; } if (SNCHECK(snprintf(conninfo, sizeof_conninfo, PGSQL_CONNECT_FMTSTRING, server, port, db, user, pw), sizeof_conninfo)) { rprintf(FLOG,"ERR SNCHECK()\n"); goto bye; } //rprintf(FLOG,"ERR conninfo:%s\n",conninfo); if ((*id_sql_server = PQconnectdb(conninfo)) == NULL || PQstatus(*id_sql_server) == CONNECTION_BAD) { free(conninfo); if (server_down == 0) { server_down++; //logfile(LOG_ERR, MSG_SQL_DOWN); } rprintf(FLOG,"ERR PQconnectdb\n"); goto bye; } server_down = 0; ret = 0; bye: free(conninfo); free(escaped_server); free(escaped_db); free(escaped_user); free(escaped_pw); return ret; }