MODRET limit_login_post_pass(cmd_rec *cmd) {
    /*
     * Runs after PASS and re-checks the <Limit LOGIN> rules attached to the
     * session's directory configuration.
     *
     * Original author's note (translated): once PASS has gone through, the
     * user name appears to be stored in cmd->server->conf and can be read
     * back with get_param_ptr().
     *
     * Every path that does not end the session returns PR_DECLINED(cmd).
     */
    int limit_result;
    int denied = 0;
    char *user = get_param_ptr(cmd->server->conf, "UserName", FALSE);

    /* No recorded user name at this stage: refuse rather than guess. */
    if(user == NULL) {
        pr_log_auth(PR_LOG_NOTICE, "User unknown. Something Wrong");
        pr_response_send(R_530, _("Login incorrect."));
        /* NOTE(review): the code below assumes end_login() does not return. */
        end_login(0);
    }

    /* Limits are only consulted when a per-directory config subset exists. */
    if(session.dir_config != NULL && session.dir_config->subset != NULL) {
        denied = !login_check_limits(session.dir_config->subset, FALSE, TRUE,
                                     &limit_result);
    }

    if(denied) {
        /* Drop the stored USER/PASS entries before refusing the login. */
        remove_config(cmd->server->conf, C_USER, FALSE);
        remove_config(cmd->server->conf, C_PASS, FALSE);
        pr_log_auth(PR_LOG_NOTICE, "%s: Limit access denies login.", user);
        pr_response_send(R_530, _("Login Denied."));
        end_login(0);
    }

    pr_log_debug(DEBUG5, "%s: ok login_check_limits() post PASS", user);
    return PR_DECLINED(cmd);
}
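MODRET lmd_deny_blacklist_post_pass(cmd_rec *cmd) {
    /*
     * Post-PASS check of the login name and the remote IP against the
     * memcached-backed deny blacklist.
     *
     * Original author's note (translated): session.user appears to be empty
     * until mod_auth has run, so the login name is read from the server
     * config instead of from session.user.
     *
     * Returns PR_DECLINED(cmd) on every path that lets the login continue;
     * a blacklist hit sends a 530 reply and calls end_login(0).
     */
    const char *account     = NULL;
    const char *remote_ip   = NULL;
    const char *log_account = NULL;

    account = get_param_ptr(cmd->server->conf, "UserName", FALSE);
    /* textual IP address of the remote peer */
    remote_ip = pr_netaddr_get_ipstr(pr_netaddr_get_sess_remote_addr());

    /*
     * get_param_ptr() may return NULL.  Never pass NULL to a "%s" format or
     * use it as a cache key: account-keyed checks are skipped in that case
     * (so a missing name can never match the allow list), while the IP
     * checks below still run.
     */
    log_account = (account != NULL) ? account : "(unknown)";

    if(false == is_set_server) {
        pr_log_auth(PR_LOG_WARNING, "%s: memcached_server not set", MODULE_NAME);
        lmd_cleanup();
        return PR_DECLINED(cmd);
    }

    if(account != NULL && is_allowed_user(cmd, account) == true) {
        pr_log_auth(PR_LOG_NOTICE,
           "%s: '%s' is allowed to login. skip last process", MODULE_NAME, account);
        lmd_cleanup();
        return PR_DECLINED(cmd);
    }

    /* allowed explicitly by remote address */
    if(is_allowed(cmd, session.c->remote_addr) == true) {
        /* release module state here as on every other returning path */
        lmd_cleanup();
        return PR_DECLINED(cmd);
    }

    /* check whether the account is registered in the blacklist */
    if(account != NULL &&
       is_cache_exits(memcached_deny_blacklist_mmc, account) == true) {
        pr_log_auth(PR_LOG_NOTICE,
            "%s: denied '%s@%s'. Account found in blacklist(memcached)",
                 MODULE_NAME, account, remote_ip);
        pr_response_send(R_530, _("Login denied temporary (Account found in blacklist)"));
        /* NOTE(review): presumably ends the session; no cleanup is done here */
        end_login(0);
    }

    /* check whether the remote IP is registered in the blacklist */
    if(is_cache_exits(memcached_deny_blacklist_mmc, remote_ip) == true) {
        pr_log_auth(PR_LOG_NOTICE,
            "%s: denied '%s@%s'. IP found in blacklist(memcached)",
                 MODULE_NAME, log_account, remote_ip);
        pr_response_send(R_530, _("Login denied temporary (IP found in blacklist)"));
        end_login(0);
    }

    pr_log_debug(DEBUG2,
            "%s: not found in blaclist. '%s@%s' is allowed to Login",
                 MODULE_NAME, log_account, remote_ip);

    lmd_cleanup();
    return PR_DECLINED(cmd);
}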
/* _sql_check_cmd: sanity-checks a cmd_rec before a handler relies on it.
 *  A record counts as valid when the pointer itself and its tmp_pool are
 *  both non-NULL.  Anything else is logged (with the caller-supplied msg
 *  naming the offending call site) and handed to end_login(1).
 */
static void _sql_check_cmd(cmd_rec *cmd, char *msg) {
  /* Fast path: nothing to report for a properly filled-in record. */
  if (cmd != NULL && cmd->tmp_pool != NULL) {
    return;
  }

  /* Report through both the primary log and the SQL log before bailing. */
  pr_log_pri(PR_LOG_ERR, MOD_SQL_POSTGRES_VERSION
    ": '%s' was passed an invalid cmd_rec. Shutting down.", msg);
  sql_log(DEBUG_WARN, "'%s' was passed an invalid cmd_rec. Shutting down.",
    msg);
  end_login(1);
}
/* Module-load event listener.  event_data is read as the name of the module
 * that was loaded; when it names this module, the "postgres" backend is
 * registered with mod_sql.  A registration failure is logged and followed
 * by end_login(1).  user_data is unused.
 */
static void sql_postgres_mod_load_ev(const void *event_data,
    void *user_data) {
  const char *loaded_module = (const char *) event_data;
  int rc;

  /* Events for other modules are none of our business. */
  if (strcmp("mod_sql_postgres.c", loaded_module) != 0) {
    return;
  }

  /* Register ourselves with mod_sql. */
  rc = sql_register_backend("postgres", sql_postgres_cmdtable);
  if (rc >= 0) {
    return;
  }

  pr_log_pri(PR_LOG_NOTICE, MOD_SQL_POSTGRES_VERSION
    ": notice: error registering backend: %s", strerror(errno));
  end_login(1);
}
/* Module-unload event listener.  event_data is read as the name of the
 * module being unloaded; when it names this module, the "postgres" backend
 * is unregistered from mod_sql and all of this module's event listeners are
 * dropped.  A failed unregistration is logged and followed by end_login(1).
 * user_data is unused.
 */
static void sql_postgres_mod_unload_ev(const void *event_data,
    void *user_data) {
  const char *unloaded_module = (const char *) event_data;
  int rc;

  /* Only react to our own unload. */
  if (strcmp("mod_sql_postgres.c", unloaded_module) != 0) {
    return;
  }

  /* Unregister ourselves with mod_sql. */
  rc = sql_unregister_backend("postgres");
  if (rc < 0) {
    pr_log_pri(PR_LOG_NOTICE, MOD_SQL_POSTGRES_VERSION
      ": notice: error unregistering backend: %s", strerror(errno));
    end_login(1);
  }

  /* Unregister ourselves from all events. */
  pr_event_unregister(&sql_postgres_module, NULL, NULL);
}
/* USER command.
   Asks auth_user () whether the named account is acceptable and records
   the outcome in the global credentials `cred'.  On success a 331 reply
   is sent and askpasswd is set so that a PASS command is expected next.
   A session that is already logged in is reset with end_login () first,
   except for guest/chrooted sessions, which may not change user.  */
void
user (const char *name)
{
  /* Guest and chrooted sessions are locked to their identity.  */
  if (cred.logged_in && (cred.guest || cred.dochroot))
    {
      reply (530, "Can't change user from guest login.");
      return;
    }

  /* Any other logged-in session starts over.  */
  if (cred.logged_in)
    end_login (&cred);

  /* auth_user () returns non-zero on refusal.  */
  if (auth_user (name, &cred) != 0)
    {
      if (cred.message == NULL)
        reply (530, "User %s access denied.", name);
      else
        {
          /* The authenticator supplied its own reason; relay it once.  */
          reply (530, "%s", cred.message);
          free (cred.message);
          cred.message = NULL;
        }

      if (logging)
        syslog (LOG_NOTICE, "FTP LOGIN REFUSED FROM %s, %s",
                cred.remotehost, name);
      return;
    }

  /* In anonymous-only mode the request has to come from a guest or a
     chrooted account.  */
  if (anon_only && !(cred.guest || cred.dochroot))
    {
      reply (530, "Sorry, only anonymous ftp allowed");
      return;
    }

  /* Remember the requested name for later log lines; the copy is bounded
     by the size of curname and always NUL-terminated.  */
  if (logging)
    {
      const size_t last = sizeof (curname) - 1;

      strncpy (curname, name, last);
      curname[last] = '\0';
    }

  if (cred.message == NULL)
    reply (331, "Password required for %s.", name);
  else
    {
      reply (331, "%s", cred.message);
      free (cred.message);
      cred.message = NULL;
    }

  askpasswd = 1;

  /* After a failed attempt, stall before the password is read so that
     password-guessing programs are slowed down.  */
  if (login_attempts)
    sleep ((unsigned) login_attempts);
}
/* Finish a login for the account described by PCRED.

   Order of operations, as written below: switch the effective gid, set
   the supplementary groups (only when HAVE_INITGROUPS), open the wtmp
   record, confine or change directory according to pcred->guest /
   pcred->dochroot, switch the effective uid, show the login message,
   send the 230 reply, log the login and set the umask.

   Only the effective ids are changed (setegid/seteuid).  A failing
   setegid returns directly; every later failure jumps to `bad', which
   hands PCRED to end_login ().  */
static void
complete_login (struct credentials *pcred)
{
  if (setegid ((gid_t) pcred->gid) < 0)
    {
      reply (550, "Can't set gid.");
      return;
    }

#ifdef HAVE_INITGROUPS
  /* NOTE(review): the result of initgroups () is not checked.  If it
     fails, the login continues with whatever supplementary groups the
     process already has -- presumably the daemon's own; confirm and
     consider failing the login instead.  */
  initgroups (pcred->name, pcred->gid);
#endif

  /* open wtmp before chroot */
  snprintf (ttyline, sizeof (ttyline), "ftp%d", getpid ());
  logwtmp_keep_open (ttyline, pcred->name, pcred->remotehost);

  if (pcred->guest)
    {
      /* We MUST do a chdir () after the chroot. Otherwise
         the old current directory will be accessible as "."
         outside the new root!  */
      if (chroot (pcred->rootdir) < 0 || chdir (pcred->homedir) < 0)
	{
	  reply (550, "Can't set guest privileges.");
	  goto bad;
	}
    }
  else if (pcred->dochroot)
    {
      /* Same chroot-then-chdir pairing as the guest branch above.  */
      if (chroot (pcred->rootdir) < 0 || chdir (pcred->homedir) < 0)
	{
	  reply (550, "Can't change root.");
	  goto bad;
	}
      /* NOTE(review): the result of setenv () is ignored.  */
      setenv ("HOME", pcred->homedir, 1);
    }
  else if (chdir (pcred->rootdir) < 0)
    {
      /* Unconfined account whose directory is unusable: fall back to "/"
         and only refuse the login if even that fails.  */
      if (chdir ("/") < 0)
	{
	  /* NOTE(review): the message prints pcred->homedir although the
	     chdir that failed above used pcred->rootdir -- confirm which
	     one is intended.  */
	  reply (530, "User %s: can't change directory to %s.",
		 pcred->name, pcred->homedir);
	  goto bad;
	}
      else
	lreply (230, "No directory! Logging in with home=/");
    }

  /* The uid switch comes after chroot (), which is attempted above while
     the effective uid is still the daemon's.  */
  if (seteuid ((uid_t) pcred->uid) < 0)
    {
      reply (550, "Can't set uid.");
      goto bad;
    }

  /* Display a login message, if it exists.
     N.B. reply(230,) must follow the message.  */
  display_file (PATH_FTPLOGINMESG, 230);

  if (pcred->guest)
    {
      reply (230, "Guest login ok, access restrictions apply.");
#ifdef HAVE_SETPROCTITLE
      /* The title is built into a bounded buffer and passed through "%s",
         so the remote host string is never used as a format.  */
      snprintf (proctitle, sizeof (proctitle), "%s: anonymous",
		pcred->remotehost);
      setproctitle ("%s", proctitle);
#endif /* HAVE_SETPROCTITLE */
      if (logging)
	syslog (LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s", pcred->remotehost);
    }
  else
    {
      reply (230, "User %s logged in.", pcred->name);
#ifdef HAVE_SETPROCTITLE
      snprintf (proctitle, sizeof (proctitle),
		"%s: %s", pcred->remotehost, pcred->name);
      setproctitle ("%s", proctitle);
#endif /* HAVE_SETPROCTITLE */
      if (logging)
	syslog (LOG_INFO, "FTP LOGIN FROM %s as %s",
		pcred->remotehost, pcred->name);
    }
  umask (defumask);
  return;
bad:
  /* Forget all about it: the partially completed login is passed to
     end_login ().  */
  end_login (pcred);
}