static int mavis_send_in(mavis_ctx * mcx, av_ctx ** ac)
{
char *t, *u;
DebugIn(DEBUG_MAVIS);
t = av_get(*ac, AV_A_TYPE);
u = av_get(*ac, AV_A_USER);
if (strcmp(t, AV_V_TYPE_FTP)
|| (strcasecmp(u, "ftp")
&& strcasecmp(u, "anonymous"))) {
Debug((DEBUG_MAVIS, "- %s = MAVIS_DOWN (no anon ftp)\n", __func__));
return MAVIS_DOWN;
}
av_set(*ac, AV_A_RESULT, AV_V_RESULT_OK);
av_setf(*ac, AV_A_UID, "%d", (int) mcx->uid);
av_setf(*ac, AV_A_GID, "%d", (int) mcx->gid);
av_set(*ac, AV_A_HOME, mcx->home);
av_set(*ac, AV_A_ROOT, mcx->root);
av_set(*ac, AV_A_FTP_ANONYMOUS, AV_V_BOOL_TRUE);
if (mcx->incoming)
av_set(*ac, AV_A_ANON_INCOMING, mcx->incoming);
if ((t = av_get(*ac, AV_A_PASSWORD)))
av_set(*ac, AV_A_EMAIL, t);
Debug((DEBUG_MAVIS, "- %s = MAVIS_FINAL\n", __func__));
return MAVIS_FINAL;
}
static void find_ssluser(av_ctx * ac, int fn, char *user)
{
char inbuf[8192];
size_t offset = 0;
ssize_t inlength;
char *linestart = inbuf;
char *lineend;
while ((inlength = Read(fn, inbuf + offset, sizeof(inbuf) - 1 - offset)) > 0) {
inlength += offset;
inbuf[inlength] = 0;
linestart = inbuf;
while ((lineend = strchr(linestart, '\n'))) {
*lineend = 0;
if (*linestart != '#') {
char *subj = strchr(linestart, ':');
if (subj) {
char *s = linestart;
char *t;
*subj++ = 0;
for (t = strtok(s, ","); t; t = strtok(NULL, ","))
if (!strcmp(user, t)) {
char *a = av_get(ac, AV_A_DBCERTSUBJ);
if (a)
av_setf(ac, AV_A_DBCERTSUBJ, "%s\r%s", a, subj);
else
av_set(ac, AV_A_DBCERTSUBJ, subj);
break /* out of for-loop */ ;
}
}
}
linestart = lineend + 1;
}
offset = inbuf + inlength - linestart;
if (offset)
memmove(inbuf, linestart, offset);
}
}
static int mavis_send_in(mavis_ctx * mcx, av_ctx ** ac)
{
struct passwd *pw;
char *t, *u, *p, *m;
char buf[1024];
t = av_get(*ac, AV_A_TYPE);
u = av_get(*ac, AV_A_USER);
p = av_get(*ac, AV_A_PASSWORD);
if (strcmp(t, AV_V_TYPE_FTP))
return MAVIS_DOWN;
/* no VHOST support yet */
m = av_get(*ac, AV_A_FTP_ANONYMOUS);
if (m && !strcmp(m, AV_V_BOOL_TRUE))
return MAVIS_DOWN;
if (mcx->honour_ftpusers && !valid_user(mcx, u)) {
av_set(*ac, AV_A_COMMENT, "user found in ftpusers file");
av_set(*ac, AV_A_RESULT, AV_V_RESULT_FAIL);
return MAVIS_FINAL;
}
#ifdef HAVE_SHADOWPWD
if (!mcx->passwordfile) {
struct spwd *spw;
uid_t uid;
uid = geteuid();
seteuid(0);
spw = getspnam(u);
seteuid(uid);
if (!spw)
return MAVIS_DOWN;
if (strcmp(spw->sp_pwdp, mcx->crypt(p, spw->sp_pwdp))) {
av_set(*ac, AV_A_COMMENT, "password mismatch");
av_unset(*ac, AV_A_DBPASSWORD);
} else
av_set(*ac, AV_A_DBPASSWORD, p);
pw = getpwnam(u);
if (!pw) {
av_set(*ac, AV_A_COMMENT, "user not found in password file");
av_set(*ac, AV_A_RESULT, AV_V_RESULT_FAIL);
return MAVIS_FINAL;
}
} else
#endif /* HAVE_SHADOWPWD */
{
int f;
f = open(mcx->passwordfile, O_RDONLY);
if (f < 0) {
av_set(*ac, AV_A_COMMENT, "error opening password file");
av_set(*ac, AV_A_RESULT, AV_V_RESULT_ERROR);
return MAVIS_DOWN;
}
pw = get_pwent(mcx, f, u);
close(f);
if (!pw)
return MAVIS_DOWN;
#undef crypt /* may be set by openssl include stuff */
if (strcmp(pw->pw_passwd, mcx->crypt(p, pw->pw_passwd))) {
av_set(*ac, AV_A_COMMENT, "password mismatch");
av_unset(*ac, AV_A_DBPASSWORD);
} else
av_set(*ac, AV_A_DBPASSWORD, p);
}
if (mcx->require_valid_shell && (!pw->pw_shell || !valid_shell(mcx, pw->pw_shell))) {
av_set(*ac, AV_A_COMMENT, "invalid shell");
av_set(*ac, AV_A_RESULT, AV_V_RESULT_FAIL);
return MAVIS_FINAL;
}
if (!pw->pw_dir) {
av_set(*ac, AV_A_COMMENT, "home dir not set");
av_set(*ac, AV_A_RESULT, AV_V_RESULT_FAIL);
return MAVIS_FINAL;
}
av_setf(*ac, AV_A_UID, "%lu", (u_long) pw->pw_uid);
av_setf(*ac, AV_A_GID, "%lu", (u_long) pw->pw_gid);
/* attempt to get supplemental groups */
av_set(*ac, AV_A_GIDS, groups_getlist(pw->pw_name, pw->pw_gid, buf, sizeof(buf)));
if (mcx->ftp_chroot) {
char *tp = strstr(pw->pw_dir, "/./");
if (tp) {
*tp = 0;
av_set(*ac, AV_A_HOME, tp + 2);
} else
av_set(*ac, AV_A_HOME, "/");
av_set(*ac, AV_A_ROOT, pw->pw_dir);
} else {
av_set(*ac, AV_A_HOME, pw->pw_dir);
av_set(*ac, AV_A_ROOT, "/");
}
if (mcx->lookup_sslusers)
lookup_ssluser(mcx, *ac, u);
return MAVIS_FINAL;
}
static int mavis_send_in(mavis_ctx * mcx, av_ctx ** ac)
{
struct passwd *pw;
char *t, *u, *p, *m;
uid_t uid;
int res;
t = av_get(*ac, AV_A_TYPE);
u = av_get(*ac, AV_A_USER);
p = av_get(*ac, AV_A_PASSWORD);
if (strcmp(t, AV_V_TYPE_FTP))
return MAVIS_DOWN;
/* no VHOST support yet */
m = av_get(*ac, AV_A_FTP_ANONYMOUS);
if (m && !strcmp(m, AV_V_BOOL_TRUE))
return MAVIS_DOWN;
if (!(pw = getpwnam(u)))
return MAVIS_DOWN;
if (!pw->pw_dir) {
av_set(*ac, AV_A_COMMENT, "home dir not set");
av_set(*ac, AV_A_RESULT, AV_V_RESULT_FAIL);
return MAVIS_FINAL;
}
uid = geteuid();
seteuid(0);
res = check_auth(mcx, u, p);
seteuid(uid);
/* The PAM routines may have spoiled our logging identity. */
logopen();
if (res) {
char buf[1024];
av_set(*ac, AV_A_DBPASSWORD, p);
av_setf(*ac, AV_A_UID, "%lu", (u_long) pw->pw_uid);
av_setf(*ac, AV_A_GID, "%lu", (u_long) pw->pw_gid);
/* attempt to get supplemental groups */
av_set(*ac, AV_A_GIDS, groups_getlist(pw->pw_name, pw->pw_gid, buf, sizeof(buf)));
if (mcx->ftp_chroot) {
t = strstr(pw->pw_dir, "/./");
if (t) {
*t = 0;
av_set(*ac, AV_A_HOME, t + 2);
} else
av_set(*ac, AV_A_HOME, "/");
av_set(*ac, AV_A_ROOT, pw->pw_dir);
} else {
av_set(*ac, AV_A_HOME, pw->pw_dir);
av_set(*ac, AV_A_ROOT, "/");
}
} else
av_set(*ac, AV_A_RESULT, AV_V_RESULT_FAIL);
return MAVIS_FINAL;
}
