/* Login gate that consults the memcached-backed blacklist (judging by the
 * name, it is registered to run after PASS).
 *
 * The account name and the client's address string are each looked up in
 * memcached_deny_blacklist_mmc.  A hit sends a 530 response and calls
 * end_login(0), which presumably does not return.  Every path that does
 * return yields PR_DECLINED(cmd).
 */
MODRET lmd_deny_blacklist_post_pass(cmd_rec *cmd) {
  /* session.user appears to be empty until mod_auth has run, so the account
   * name is read from the "UserName" config entry rather than via:
   *   const char *account = session.user;
   *
   * NOTE(review): "UserName" is presumably the client-supplied USER argument.
   * It is used below as a cache key and echoed into log lines; confirm that
   * is_cache_exits() tolerates a NULL, over-long or whitespace-bearing key.
   */
  const char *account = get_param_ptr(cmd->server->conf, "UserName", FALSE);

  /* String form of the session's remote address, as produced by
   * pr_netaddr_get_ipstr().
   */
  const char *remote_ip =
    pr_netaddr_get_ipstr(pr_netaddr_get_sess_remote_addr());

  /* Without a configured memcached server the blacklist cannot be consulted.
   * This path fails open: the login is not blocked, only a warning is logged.
   */
  if (is_set_server == false) {
    pr_log_auth(PR_LOG_WARNING, "%s: memcached_server not set", MODULE_NAME);
    lmd_cleanup();
    return PR_DECLINED(cmd);
  }

  /* Accounts on the allow list bypass both blacklist lookups. */
  if (true == is_allowed_user(cmd, account)) {
    pr_log_auth(PR_LOG_NOTICE,
      "%s: '%s' is allowed to login. skip last process", MODULE_NAME,
      account);
    lmd_cleanup();
    return PR_DECLINED(cmd);
  }

  /* Explicitly allowed remote addresses bypass the lookups as well.
   *
   * NOTE(review): unlike the other returning paths, this one does not call
   * lmd_cleanup() and writes no log line -- confirm that is intended.
   */
  if (true == is_allowed(cmd, session.c->remote_addr)) {
    return PR_DECLINED(cmd);
  }

  /* Is the account registered in the blacklist? */
  if (true == is_cache_exits(memcached_deny_blacklist_mmc, account)) {
    pr_log_auth(PR_LOG_NOTICE,
      "%s: denied '%s@%s'. Account found in blacklist(memcached)",
      MODULE_NAME, account, remote_ip);
    pr_response_send(R_530,
      _("Login denied temporary (Account found in blacklist)"));
    end_login(0);
  }

  /* Is the remote IP registered in the blacklist? */
  if (true == is_cache_exits(memcached_deny_blacklist_mmc, remote_ip)) {
    pr_log_auth(PR_LOG_NOTICE,
      "%s: denied '%s@%s'. IP found in blacklist(memcached)",
      MODULE_NAME, account, remote_ip);
    pr_response_send(R_530,
      _("Login denied temporary (IP found in blacklist)"));
    end_login(0);
  }

  pr_log_debug(DEBUG2,
    "%s: not found in blaclist. '%s@%s' is allowed to Login", MODULE_NAME,
    account, remote_ip);

  lmd_cleanup();
  return PR_DECLINED(cmd);
}
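/* Translates an snprintf(3) return value into the number of bytes that were
 * actually stored in a destination of `avail` bytes.
 *
 * snprintf() returns the length the output WOULD have had, which is larger
 * than the buffer when the output was truncated, and a negative value on
 * error.  Adding that raw value to a running offset would let the offset run
 * past the end of the buffer.
 */
static size_t log_stored_len(int res, size_t avail) {
  if (res < 0 || avail == 0) {
    return 0;
  }

  if ((size_t) res >= avail) {
    /* Truncated: avail-1 bytes of text plus the terminating NUL. */
    return avail - 1;
  }

  return (size_t) res;
}

/* Formats one timestamped log line into buf (bufsz bytes, bufsz > 0):
 *
 *   YYYY-MM-DD HH:MM:SS,mmm <systemlog_host> proftpd[<pid>][ <serverinfo>]: <msg>\n
 *
 * On success returns 0 and stores in *linelen the number of bytes actually
 * present in buf (never more than bufsz-1).  Returns -1 if the local time
 * could not be obtained.
 */
static int log_format_line(char *buf, size_t bufsz, const char *serverinfo,
    const char *msg, size_t *linelen) {
  struct timeval now;
  struct tm *tm = NULL;
  time_t now_secs;
  unsigned long millis;
  size_t used;
  int res;

  gettimeofday(&now, NULL);

  /* Copy tv_sec into a real time_t instead of casting its address; the two
   * types are not guaranteed to have the same width.
   */
  now_secs = (time_t) now.tv_sec;
  tm = pr_localtime(NULL, &now_secs);
  if (tm == NULL) {
    return -1;
  }

  /* strftime() returns 0 and leaves the contents unspecified when the result
   * does not fit, so re-terminate at the reported length.
   */
  used = strftime(buf, bufsz, "%Y-%m-%d %H:%M:%S", tm);
  buf[used] = '\0';

  /* Convert microsecs to millisecs. */
  millis = now.tv_usec / 1000;
  res = snprintf(buf + used, bufsz - used, ",%03lu ", millis);
  used += log_stored_len(res, bufsz - used);

  if (*serverinfo) {
    res = snprintf(buf + used, bufsz - used, "%s proftpd[%u] %s: %s\n",
      systemlog_host, (unsigned int) (session.pid ? session.pid : getpid()),
      serverinfo, msg);

  } else {
    res = snprintf(buf + used, bufsz - used, "%s proftpd[%u]: %s\n",
      systemlog_host, (unsigned int) (session.pid ? session.pid : getpid()),
      msg);
  }

  used += log_stored_len(res, bufsz - used);
  buf[bufsz - 1] = '\0';

  *linelen = used;
  return 0;
}

/* Delivers one already-formatted message `s` to stderr, to the SystemLog file
 * descriptor, or to syslog, and notifies log event listeners on the way.
 *
 *   priority  syslog priority of the message
 *   f         syslog facility to use unless set_facility overrides it
 *   s         NUL-terminated message text
 *   discard   non-zero when the message should reach listeners only
 *
 * Fixes relative to the previous version:
 *   - the line length handed to pr_log_event_generate() and write(2) is the
 *     number of bytes really in the buffer; previously a truncated snprintf()
 *     could make it exceed LOGBUFFER_SIZE, so bytes beyond the buffer would
 *     have been read and emitted;
 *   - main_server is no longer dereferenced when it is NULL and `discard` is
 *     set (the stderr branch only catches the NULL case when !discard).
 *
 * NOTE(review): `s` and the remote name are written verbatim.  If either can
 * carry client-influenced bytes (for example a reverse-DNS name or a user
 * name echoed by a caller), embedded newlines would produce forged log
 * lines; confirm that callers sanitise them.
 */
static void log_write(int priority, int f, char *s, int discard) {
  unsigned int max_priority = 0, *ptr = NULL;
  char serverinfo[PR_TUNABLE_BUFFER_SIZE] = {'\0'};

  if (main_server && main_server->ServerFQDN) {
    pr_netaddr_t *remote_addr = pr_netaddr_get_sess_remote_addr();
    const char *remote_name = pr_netaddr_get_sess_remote_name();

    snprintf(serverinfo, sizeof(serverinfo)-1, "%s", main_server->ServerFQDN);
    serverinfo[sizeof(serverinfo)-1] = '\0';

    if (remote_addr && remote_name) {
      size_t serverinfo_len;

      /* strlen() gives the bytes really stored, so the append stays inside
       * the buffer even if the FQDN was truncated above.
       */
      serverinfo_len = strlen(serverinfo);

      snprintf(serverinfo + serverinfo_len,
        sizeof(serverinfo) - serverinfo_len, " (%s[%s])", remote_name,
        pr_netaddr_get_ipstr(remote_addr));
      serverinfo[sizeof(serverinfo)-1] = '\0';
    }
  }

  if (!discard && (logstderr || !main_server)) {
    char buf[LOGBUFFER_SIZE] = {'\0'};
    size_t buflen = 0;

    if (log_format_line(buf, sizeof(buf), serverinfo, s, &buflen) < 0) {
      return;
    }

    pr_log_event_generate(PR_LOG_TYPE_SYSTEMLOG, STDERR_FILENO, priority,
      buf, buflen);

    fprintf(stderr, "%s", buf);
    return;
  }

  if (syslog_discard) {
    /* Only return now if we don't have any log listeners. */
    if (pr_log_event_listening(PR_LOG_TYPE_SYSLOG) <= 0 &&
        pr_log_event_listening(PR_LOG_TYPE_SYSTEMLOG) <= 0) {
      return;
    }
  }

  /* main_server can still be NULL here when `discard` is set. */
  if (main_server != NULL) {
    ptr = get_param_ptr(main_server->conf, "SyslogLevel", FALSE);
  }

  if (ptr != NULL) {
    max_priority = *ptr;

  } else {
    /* Default SyslogLevel */
    max_priority = default_level;
  }

  if (priority > max_priority) {
    /* Only return now if we don't have any log listeners. */
    if (pr_log_event_listening(PR_LOG_TYPE_SYSLOG) <= 0 &&
        pr_log_event_listening(PR_LOG_TYPE_SYSTEMLOG) <= 0) {
      return;
    }
  }

  if (systemlog_fd != -1) {
    char buf[LOGBUFFER_SIZE] = {'\0'};
    size_t buflen = 0;

    if (log_format_line(buf, sizeof(buf), serverinfo, s, &buflen) < 0) {
      return;
    }

    pr_log_event_generate(PR_LOG_TYPE_SYSTEMLOG, systemlog_fd, priority, buf,
      buflen);

    /* Now we need to enforce the discard, syslog_discard and SyslogLevel
     * filtering.
     */
    if (discard) {
      return;
    }

    if (syslog_discard) {
      return;
    }

    if (priority > max_priority) {
      return;
    }

    while (write(systemlog_fd, buf, buflen) < 0) {
      if (errno == EINTR) {
        pr_signals_handle();
        continue;
      }

      return;
    }

    return;
  }

  pr_log_event_generate(PR_LOG_TYPE_SYSLOG, syslog_sockfd, priority, s,
    strlen(s));

  /* NOTE(review): unlike the SystemLog branch above, this path does not
   * re-check discard, syslog_discard or SyslogLevel after notifying the
   * listeners, so a message that was kept alive only for listeners is still
   * sent to syslog.  Confirm whether that is intended.
   */

  if (set_facility != -1) {
    f = set_facility;
  }

  if (!syslog_open) {
    syslog_sockfd = pr_openlog("proftpd", LOG_NDELAY|LOG_PID, f);
    if (syslog_sockfd < 0) {
      (void) pr_trace_msg(trace_channel, 1, "error opening syslog fd: %s",
        strerror(errno));
      return;
    }

    syslog_open = TRUE;

  } else if (f != facility) {
    /* If this message is to be sent to a different log facility than a
     * default one (or the facility configured via SyslogFacility), then
     * OR in the facility with the priority value, as per the syslog(3)
     * docs.
     */
    priority |= f;
  }

  if (*serverinfo) {
    pr_syslog(syslog_sockfd, priority, "%s - %s\n", serverinfo, s);

  } else {
    pr_syslog(syslog_sockfd, priority, "%s\n", s);
  }
}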
/* Builds an SSH2 DISCONNECT message and writes it to the client.
 *
 *   reason   disconnect reason code placed in the message
 *   explain  human-readable explanation; when NULL, the text (and language
 *            tag) is looked up in the explanations[] table by reason code,
 *            falling back to "Unknown reason"
 *   file, lineno, func
 *            call-site information, used only for the trace message; func
 *            may be the empty string
 *
 * The disconnect is recorded in the module log together with the remote
 * address before the packet is written.  A failed write is only traced.
 *
 * NOTE(review): the payload buffer is a fixed 1024 bytes while `explain` is
 * supplied by the caller.  Whether sftp_msg_write_string() refuses input that
 * does not fit is not visible here -- confirm before passing long or
 * peer-derived text as `explain`.
 */
void sftp_disconnect_send(uint32_t reason, const char *explain,
    const char *file, int lineno, const char *func) {
  struct ssh2_packet *pkt;
  const pr_netaddr_t *remote_addr;
  const char *lang = "en-US";
  unsigned char *cursor, *payload;
  uint32_t remaining, capacity;
  int sockfd;

  /* Send the client a DISCONNECT mesg. */
  pkt = sftp_ssh2_packet_create(sftp_pool);
  remote_addr = pr_netaddr_get_sess_remote_addr();

  capacity = 1024;
  remaining = capacity;
  payload = palloc(pkt->pool, capacity);
  cursor = payload;

  /* A caller-supplied explanation always goes out tagged "en-US", which is
   * what lang already holds; only the table lookup can change it.
   */
  if (explain == NULL) {
    unsigned int idx = 0;

    while (explanations[idx].explain) {
      if (explanations[idx].code == reason) {
        explain = explanations[idx].explain;
        lang = explanations[idx].lang;
        if (lang == NULL) {
          lang = "en-US";
        }

        break;
      }

      idx++;
    }

    if (explain == NULL) {
      explain = "Unknown reason";
    }
  }

  if (func[0] != '\0') {
    pr_trace_msg(trace_channel, 9, "disconnecting (%s) [at %s:%d:%s()]",
      explain, file, lineno, func);

  } else {
    pr_trace_msg(trace_channel, 9, "disconnecting (%s) [at %s:%d]", explain,
      file, lineno);
  }

  /* The writers advance `cursor` and shrink `remaining`; `payload` keeps
   * pointing at the start of the message.
   */
  sftp_msg_write_byte(&cursor, &remaining, SFTP_SSH2_MSG_DISCONNECT);
  sftp_msg_write_int(&cursor, &remaining, reason);
  sftp_msg_write_string(&cursor, &remaining, explain);
  sftp_msg_write_string(&cursor, &remaining, lang);

  pkt->payload = payload;
  pkt->payload_len = (capacity - remaining);

  (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,
    "disconnecting %s (%s)", pr_netaddr_get_ipstr(remote_addr), explain);

  /* If we are called very early in the connection lifetime, then the
   * sftp_conn variable may not have been set yet, so fall back to the
   * session's control connection.
   */
  sockfd = (sftp_conn != NULL) ? sftp_conn->wfd : session.c->wfd;

  /* Explicitly set a short poll timeout of 5 secs. */
  sftp_ssh2_packet_set_poll_timeout(5);

  if (sftp_ssh2_packet_write(sockfd, pkt) < 0) {
    int xerrno = errno;

    pr_trace_msg(trace_channel, 12, "error writing DISCONNECT message: %s",
      strerror(xerrno));
  }

  destroy_pool(pkt->pool);
}
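/* Delivers one already-formatted message `s` to stderr, to the SystemLog file
 * descriptor, or to syslog.
 *
 *   priority  syslog priority of the message
 *   f         syslog facility to use unless set_facility overrides it
 *   s         NUL-terminated message text
 *
 * Fixes relative to the previous version:
 *   - the SyslogLevel filter now runs before syslog is opened.  Previously a
 *     filtered message returned after pr_openlog() without the matching
 *     pr_closelog(), leaking the descriptor whenever syslog_open was false;
 *   - a NULL result from localtime(3) (or a failed strftime) no longer
 *     reaches strftime()/strlen(); the line is written without a timestamp
 *     instead of being lost.
 *
 * NOTE(review): `s` and the remote name are written verbatim.  If either can
 * carry client-influenced bytes, embedded newlines would produce forged log
 * lines; confirm that callers sanitise them.
 */
static void log_write(int priority, int f, char *s) {
  unsigned int *max_priority = NULL;
  char serverinfo[PR_TUNABLE_BUFFER_SIZE] = {'\0'};

  if (main_server && main_server->ServerFQDN) {
    pr_netaddr_t *remote_addr = pr_netaddr_get_sess_remote_addr();
    const char *remote_name = pr_netaddr_get_sess_remote_name();

    snprintf(serverinfo, sizeof(serverinfo), "%s", main_server->ServerFQDN);
    serverinfo[sizeof(serverinfo)-1] = '\0';

    if (remote_addr && remote_name) {
      /* strlen() gives the bytes really stored, so the append stays inside
       * the buffer even if the FQDN was truncated above.
       */
      size_t serverinfo_len = strlen(serverinfo);

      snprintf(serverinfo + serverinfo_len,
        sizeof(serverinfo) - serverinfo_len, " (%s[%s])", remote_name,
        pr_netaddr_get_ipstr(remote_addr));
      serverinfo[sizeof(serverinfo)-1] = '\0';
    }
  }

  if (logstderr || !main_server) {
    fprintf(stderr, "%s - %s\n", serverinfo, s);
    return;
  }

  if (syslog_discard) {
    return;
  }

  if (systemlog_fd != -1) {
    char buf[LOGBUFFER_SIZE] = {'\0'};
    time_t tt = time(NULL);
    struct tm *t;
    size_t used;

    t = localtime(&tt);

    /* localtime() may fail, and strftime() leaves the buffer unspecified
     * when it returns 0; in both cases start from an empty line.
     */
    if (t == NULL ||
        strftime(buf, sizeof(buf), "%b %d %H:%M:%S ", t) == 0) {
      buf[0] = '\0';
    }

    buf[sizeof(buf) - 1] = '\0';
    used = strlen(buf);

    if (*serverinfo) {
      snprintf(buf + used, sizeof(buf) - used, "%s proftpd[%u] %s: %s\n",
        systemlog_host, (unsigned int) getpid(), serverinfo, s);

    } else {
      snprintf(buf + used, sizeof(buf) - used, "%s proftpd[%u]: %s\n",
        systemlog_host, (unsigned int) getpid(), s);
    }

    buf[sizeof(buf) - 1] = '\0';

    /* Best effort: there is nowhere to report a failed log write. */
    if (write(systemlog_fd, buf, strlen(buf)) < 0) {
      return;
    }

    return;
  }

  /* Apply SyslogLevel before touching syslog, so that a filtered message
   * neither opens a descriptor nor changes the facility.  main_server is
   * non-NULL here; the NULL case returned in the stderr branch.
   */
  max_priority = get_param_ptr(main_server->conf, "SyslogLevel", FALSE);
  if (max_priority != NULL &&
      priority > *max_priority) {
    return;
  }

  if (set_facility != -1) {
    f = set_facility;
  }

  if (!syslog_open) {
    syslog_sockfd = pr_openlog("proftpd", LOG_NDELAY|LOG_PID, f);

  } else if (f != facility) {
    (void) pr_setlogfacility(f);
  }

  if (*serverinfo) {
    pr_syslog(syslog_sockfd, priority, "%s - %s\n", serverinfo, s);

  } else {
    pr_syslog(syslog_sockfd, priority, "%s\n", s);
  }

  if (!syslog_open) {
    pr_closelog(syslog_sockfd);
    syslog_sockfd = -1;

  } else if (f != facility) {
    /* NOTE(review): this repeats pr_setlogfacility(f) from above; restoring
     * the default `facility` looks like what was meant -- confirm.
     */
    (void) pr_setlogfacility(f);
  }
}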
/* Tears down per-session state when a process is ending.
 *
 * In order: removes the scoreboard entry (where applicable), writes the wtmp
 * record for a logged-in session, closes the data and control connections,
 * fires the "core.exit" event, logs the session-closed message and closes
 * syslog.
 *
 *   flags  PR_SESS_END_FL_* bits; only PR_SESS_END_FL_SYNTAX_CHECK is
 *          examined here, to suppress the closing log line.
 */
static void sess_cleanup(int flags) {
  int clear_slot;

  /* Clear the scoreboard entry.  Standalone daemons do so only in an exiting
   * child process; inetd-spawned daemons always do.
   */
  clear_slot = (ServerType == SERVER_STANDALONE)
    ? !is_master
    : (ServerType == SERVER_INETD);

  if (clear_slot &&
      pr_scoreboard_entry_del(TRUE) < 0 &&
      errno != EINVAL &&
      errno != ENOENT) {
    pr_log_debug(DEBUG1, "error deleting scoreboard entry: %s",
      strerror(errno));
  }

  /* If session.user is set, we have a valid login.  The wtmp record is
   * written while the connection objects still exist.
   */
  if (session.user && session.wtmp_log) {
    const char *tty = pr_session_get_ttyname(session.pool);

    log_wtmp(tty, "", pr_netaddr_get_sess_remote_name(),
      pr_netaddr_get_sess_remote_addr());
  }

  /* Close the data connection, then the control connection, so that the
   * cleanups associated with their pools (and subpools) are properly run.
   * The pointers are cleared so nothing later uses a closed connection.
   */
  if (session.d) {
    pr_inet_close(session.pool, session.d);
    session.d = NULL;
  }

  if (session.c) {
    pr_inet_close(session.pool, session.c);
    session.c = NULL;
  }

  /* Run all the exit handlers */
  pr_event_generate("core.exit", NULL);

  if (!is_master ||
      (ServerType == SERVER_INETD &&
       (flags & PR_SESS_END_FL_SYNTAX_CHECK) == 0)) {
    pr_log_pri(PR_LOG_INFO, "%s session closed.",
      pr_session_get_protocol(PR_SESS_PROTO_FL_LOGOUT));
  }

  log_closesyslog();
}