/*
 * Handler run after PASS: looks up the user name recorded for the session and
 * runs login_check_limits() against session.dir_config->subset.  A missing
 * user name or a failed limit check sends a 530 reply and calls end_login(0);
 * otherwise the command is declined so later handlers still see it.
 */
MODRET limit_login_post_pass(cmd_rec *cmd) {
  /*
   * Once PASS has gone through, the user name appears to be stored in
   * cmd->server->conf, where get_param_ptr() can fetch it.
   */
  char *login_name = get_param_ptr(cmd->server->conf, "UserName", FALSE);
  int unused_flag;  /* out-parameter of login_check_limits(); value is not read */

  if (!login_name) {
    pr_log_auth(PR_LOG_NOTICE, "User unknown. Something Wrong");
    pr_response_send(R_530, _("Login incorrect."));
    /* NOTE(review): presumably end_login() does not return; if it did,
     * login_name would still be NULL in the log calls below -- confirm. */
    end_login(0);
  }

  if (session.dir_config && session.dir_config->subset) {
    if (!login_check_limits(session.dir_config->subset, FALSE, TRUE,
                            &unused_flag)) {
      /* Drop the stored USER/PASS records before refusing the login. */
      remove_config(cmd->server->conf, C_USER, FALSE);
      remove_config(cmd->server->conf, C_PASS, FALSE);

      pr_log_auth(PR_LOG_NOTICE, "%s: Limit access denies login.", login_name);
      pr_response_send(R_530, _("Login Denied."));
      end_login(0);
    }
  }

  pr_log_debug(DEBUG5, "%s: ok login_check_limits() post PASS", login_name);
  return PR_DECLINED(cmd);
}
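/*
 * Handler run after PASS: refuses the login with a 530 reply when either the
 * account name or the remote IP string is present in the memcached-backed
 * blacklist.  Explicitly allowed users and addresses skip the lookup.  Every
 * non-refusing path returns PR_DECLINED(cmd).
 */
MODRET lmd_deny_blacklist_post_pass(cmd_rec *cmd) {
  /*
   * session.user appears to be empty until mod_auth has run, so the name is
   * read from the server config instead of
   *   const char *account = session.user;
   */
  const char *account = NULL;
  const char *remote_ip = NULL;

  account = get_param_ptr(cmd->server->conf, "UserName", FALSE);
  remote_ip = pr_netaddr_get_ipstr(pr_netaddr_get_sess_remote_addr());

  /*
   * Without a memcached server the blacklist cannot be consulted; the handler
   * only warns and lets the login proceed.
   * NOTE(review): this is fail-open -- confirm that is the intended policy.
   */
  if (false == is_set_server) {
    pr_log_auth(PR_LOG_WARNING, "%s: memcached_server not set", MODULE_NAME);
    lmd_cleanup();
    return PR_DECLINED(cmd);
  }

  /*
   * Fail closed when no user name was recorded: the checks below would
   * otherwise hand a NULL key to the allow-list and cache lookups and a NULL
   * pointer to "%s" in the log calls.
   */
  if (NULL == account) {
    pr_log_auth(PR_LOG_NOTICE,
                "%s: no UserName recorded for this session; denying login",
                MODULE_NAME);
    pr_response_send(R_530, _("Login incorrect."));
    end_login(0);
  }

  if (is_allowed_user(cmd, account) == true) {
    pr_log_auth(PR_LOG_NOTICE,
                "%s: '%s' is allowed to login. skip last process",
                MODULE_NAME, account);
    lmd_cleanup();
    return PR_DECLINED(cmd);
  }

  /*
   * Remote address is explicitly allowed.
   * NOTE(review): this is the only returning path that does not call
   * lmd_cleanup() -- confirm whether that is intentional.
   */
  if (is_allowed(cmd, session.c->remote_addr) == true) {
    return PR_DECLINED(cmd);
  }

  /* Check whether the account is registered in the blacklist. */
  if (is_cache_exits(memcached_deny_blacklist_mmc, account) == true) {
    pr_log_auth(PR_LOG_NOTICE,
                "%s: denied '%s@%s'. Account found in blacklist(memcached)",
                MODULE_NAME, account, remote_ip);
    pr_response_send(R_530,
                     _("Login denied temporary (Account found in blacklist)"));
    end_login(0);
  }

  /* Check whether the remote IP is registered in the blacklist. */
  if (is_cache_exits(memcached_deny_blacklist_mmc, remote_ip) == true) {
    pr_log_auth(PR_LOG_NOTICE,
                "%s: denied '%s@%s'. IP found in blacklist(memcached)",
                MODULE_NAME, account, remote_ip);
    pr_response_send(R_530,
                     _("Login denied temporary (IP found in blacklist)"));
    end_login(0);
  }

  pr_log_debug(DEBUG2,
               "%s: not found in blaclist. '%s@%s' is allowed to Login",
               MODULE_NAME, account, remote_ip);
  lmd_cleanup();
  return PR_DECLINED(cmd);
}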
/*
 * _sql_check_cmd: sanity-checks a cmd_rec before it is used.
 *
 * A NULL cmd, or one without a tmp_pool, is treated as fatal: the problem is
 * written to both the system log and the SQL log, naming the caller via msg,
 * and end_login(1) is called.  A valid cmd_rec makes this a no-op.
 */
static void _sql_check_cmd(cmd_rec *cmd, char *msg) {
  /* Nothing to do for a properly filled-in record. */
  if (cmd && cmd->tmp_pool) {
    return;
  }

  pr_log_pri(PR_LOG_ERR, MOD_SQL_POSTGRES_VERSION
    ": '%s' was passed an invalid cmd_rec. Shutting down.", msg);
  sql_log(DEBUG_WARN, "'%s' was passed an invalid cmd_rec. Shutting down.",
    msg);

  end_login(1);
}
/*
 * Module-load event listener.  When the event data names
 * "mod_sql_postgres.c", registers the "postgres" backend with mod_sql; a
 * registration failure is logged with the errno text and followed by
 * end_login(1).  Events for any other module are ignored.
 */
static void sql_postgres_mod_load_ev(const void *event_data, void *user_data) {
  const char *loaded_module = (const char *) event_data;

  if (strcmp("mod_sql_postgres.c", loaded_module) != 0) {
    return;
  }

  /* Register ourselves with mod_sql. */
  if (sql_register_backend("postgres", sql_postgres_cmdtable) >= 0) {
    return;
  }

  pr_log_pri(PR_LOG_NOTICE, MOD_SQL_POSTGRES_VERSION
    ": notice: error registering backend: %s", strerror(errno));
  end_login(1);
}
/*
 * Module-unload event listener.  When the event data names
 * "mod_sql_postgres.c", removes the "postgres" backend from mod_sql and then
 * drops every event registration held by this module.  A failed
 * unregistration is logged with the errno text and followed by end_login(1).
 */
static void sql_postgres_mod_unload_ev(const void *event_data, void *user_data) {
  const char *unloaded_module = (const char *) event_data;

  if (strcmp("mod_sql_postgres.c", unloaded_module) != 0) {
    return;
  }

  /* Unregister ourselves with mod_sql. */
  if (sql_unregister_backend("postgres") < 0) {
    pr_log_pri(PR_LOG_NOTICE, MOD_SQL_POSTGRES_VERSION
      ": notice: error unregistering backend: %s", strerror(errno));
    end_login(1);
  }

  /* Unregister ourselves from all events. */
  pr_event_unregister(&sql_postgres_module, NULL, NULL);
}
/* USER command handler.

   Asks auth_user () to vet NAME and fill in the global credentials; on
   success a 331 reply is sent and askpasswd is set so that a PASS command
   is expected next.  A session that is already logged in is torn down
   first, except that guest and chrooted sessions may not switch user.  */
void
user (const char *name)
{
  int refused;

  if (cred.logged_in)
    {
      if (cred.guest || cred.dochroot)
	{
	  reply (530, "Can't change user from guest login.");
	  return;
	}
      /* Reset the state left by the previous login.  */
      end_login (&cred);
    }

  /* auth_user () returns non-zero when the name is not acceptable.
     NOTE(review): the 530 sent here versus the 331 sent below is visible
     to the client before any password is supplied -- confirm that this
     difference is acceptable for the deployment.  */
  refused = auth_user (name, &cred);
  if (refused != 0)
    {
      if (cred.message == NULL)
	{
	  reply (530, "User %s access denied.", name);
	}
      else
	{
	  /* auth_user () supplied its own reason; send it and release it.  */
	  reply (530, "%s", cred.message);
	  free (cred.message);
	  cred.message = NULL;
	}

      if (logging)
	{
	  syslog (LOG_NOTICE, "FTP LOGIN REFUSED FROM %s, %s",
		  cred.remotehost, name);
	}
      return;
    }

  /* When only anonymous service is offered, the request must come from a
     guest or a chrooted account.  */
  if (anon_only && !(cred.guest || cred.dochroot))
    {
      reply (530, "Sorry, only anonymous ftp allowed");
      return;
    }

  if (logging)
    {
      /* Bounded copy; the explicit terminator covers a NAME that fills the
         whole buffer.  */
      strncpy (curname, name, sizeof (curname) - 1);
      curname[sizeof (curname) - 1] = '\0';
    }

  if (cred.message == NULL)
    {
      reply (331, "Password required for %s.", name);
    }
  else
    {
      reply (331, "%s", cred.message);
      free (cred.message);
      cred.message = NULL;
    }

  askpasswd = 1;

  /* After a failed attempt, wait before the password is read so that
     password-guessing programs are slowed down.  */
  if (login_attempts != 0)
    {
      sleep ((unsigned) login_attempts);
    }
}
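/* Finish a login for the account described by PCRED: switch the effective
   gid and supplementary groups, record the session in wtmp, enter the
   account's directory (chrooting guest and chrooted accounts), switch the
   effective uid, and send the 230 reply.  Any failure after the gid switch
   goes through end_login (), so the session does not stay half set up.  */
static void
complete_login (struct credentials *pcred)
{
  /* NOTE(review): this failure path returns without calling end_login (),
     unlike every later one -- confirm that the caller leaves the session
     unauthenticated in this case.  */
  if (setegid ((gid_t) pcred->gid) < 0)
    {
      reply (550, "Can't set gid.");
      return;
    }

#ifdef HAVE_INITGROUPS
  /* A failed initgroups () must abort the login: continuing would serve
     this user with whatever supplementary groups the process already had
     instead of the account's own.  */
  if (initgroups (pcred->name, pcred->gid) < 0)
    {
      reply (550, "Can't set groups.");
      goto bad;
    }
#endif

  /* Open wtmp before chroot.  */
  snprintf (ttyline, sizeof (ttyline), "ftp%d", getpid ());
  logwtmp_keep_open (ttyline, pcred->name, pcred->remotehost);

  if (pcred->guest)
    {
      /* We MUST do a chdir () after the chroot.  Otherwise the old current
         directory will be accessible as "." outside the new root!  */
      if (chroot (pcred->rootdir) < 0 || chdir (pcred->homedir) < 0)
	{
	  reply (550, "Can't set guest privileges.");
	  goto bad;
	}
    }
  else if (pcred->dochroot)
    {
      /* Same ordering requirement as above: chroot (), then chdir ().  */
      if (chroot (pcred->rootdir) < 0 || chdir (pcred->homedir) < 0)
	{
	  reply (550, "Can't change root.");
	  goto bad;
	}
      setenv ("HOME", pcred->homedir, 1);
    }
  else if (chdir (pcred->rootdir) < 0)
    {
      /* Fall back to "/" when the account's directory is unusable.  */
      if (chdir ("/") < 0)
	{
	  reply (530, "User %s: can't change directory to %s.",
		 pcred->name, pcred->homedir);
	  goto bad;
	}
      else
	lreply (230, "No directory! Logging in with home=/");
    }

  /* Switch the effective uid last: the chroot () calls above run before
     it.  Only the effective uid is changed here.  */
  if (seteuid ((uid_t) pcred->uid) < 0)
    {
      reply (550, "Can't set uid.");
      goto bad;
    }

  /* Display a login message, if it exists.
     N.B. reply(230,) must follow the message.  */
  display_file (PATH_FTPLOGINMESG, 230);

  if (pcred->guest)
    {
      reply (230, "Guest login ok, access restrictions apply.");
#ifdef HAVE_SETPROCTITLE
      snprintf (proctitle, sizeof (proctitle), "%s: anonymous",
		pcred->remotehost);
      setproctitle ("%s", proctitle);
#endif /* HAVE_SETPROCTITLE */
      if (logging)
	syslog (LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s", pcred->remotehost);
    }
  else
    {
      reply (230, "User %s logged in.", pcred->name);
#ifdef HAVE_SETPROCTITLE
      snprintf (proctitle, sizeof (proctitle), "%s: %s",
		pcred->remotehost, pcred->name);
      setproctitle ("%s", proctitle);
#endif /* HAVE_SETPROCTITLE */
      if (logging)
	syslog (LOG_INFO, "FTP LOGIN FROM %s as %s",
		pcred->remotehost, pcred->name);
    }

  umask (defumask);
  return;

bad:
  /* Forget all about it...  */
  end_login (pcred);
}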