MODRET lmd_deny_blacklist_post_pass(cmd_rec *cmd) {
/*
mod_authを通過するまでは session.userは空の様子
const char *account = session.user;
*/
const char *account = NULL;
const char *remote_ip = NULL;
/* return IP unless found hostname */
account = get_param_ptr(cmd->server->conf, "UserName", FALSE);
remote_ip = pr_netaddr_get_ipstr(pr_netaddr_get_sess_remote_addr());
if(false == is_set_server) {
pr_log_auth(PR_LOG_WARNING, "%s: memcached_server not set", MODULE_NAME);
lmd_cleanup();
return PR_DECLINED(cmd);
}
if(is_allowed_user(cmd, account) == true) {
pr_log_auth(PR_LOG_NOTICE,
"%s: '%s' is allowed to login. skip last process", MODULE_NAME, account);
lmd_cleanup();
return PR_DECLINED(cmd);
}
/* allow explicily */
if(is_allowed(cmd, session.c->remote_addr) == true) {
return PR_DECLINED(cmd);
}
/* check whether account is registerd in blacklist or not */
if(is_cache_exits(memcached_deny_blacklist_mmc, account) == true) {
pr_log_auth(PR_LOG_NOTICE,
"%s: denied '%s@%s'. Account found in blacklist(memcached)",
MODULE_NAME, account, remote_ip);
pr_response_send(R_530, _("Login denied temporary (Account found in blacklist)"));
end_login(0);
}
/* check whether remote IP is registerd in blacklist or not */
if(is_cache_exits(memcached_deny_blacklist_mmc, remote_ip) == true) {
pr_log_auth(PR_LOG_NOTICE,
"%s: denied '%s@%s'. IP found in blacklist(memcached)",
MODULE_NAME, account, remote_ip);
pr_response_send(R_530, _("Login denied temporary (IP found in blacklist)"));
end_login(0);
}
pr_log_debug(DEBUG2,
"%s: not found in blaclist. '%s@%s' is allowed to Login",
MODULE_NAME, account, remote_ip);
lmd_cleanup();
return PR_DECLINED(cmd);
}
static void log_write(int priority, int f, char *s, int discard) {
unsigned int max_priority = 0, *ptr = NULL;
char serverinfo[PR_TUNABLE_BUFFER_SIZE] = {'\0'};
memset(serverinfo, '\0', sizeof(serverinfo));
if (main_server &&
main_server->ServerFQDN) {
pr_netaddr_t *remote_addr = pr_netaddr_get_sess_remote_addr();
const char *remote_name = pr_netaddr_get_sess_remote_name();
snprintf(serverinfo, sizeof(serverinfo)-1, "%s", main_server->ServerFQDN);
serverinfo[sizeof(serverinfo)-1] = '\0';
if (remote_addr && remote_name) {
size_t serverinfo_len;
serverinfo_len = strlen(serverinfo);
snprintf(serverinfo + serverinfo_len,
sizeof(serverinfo) - serverinfo_len, " (%s[%s])",
remote_name, pr_netaddr_get_ipstr(remote_addr));
serverinfo[sizeof(serverinfo)-1] = '\0';
}
}
if (!discard &&
(logstderr || !main_server)) {
char buf[LOGBUFFER_SIZE] = {'\0'};
size_t buflen, len;
struct timeval now;
struct tm *tm = NULL;
unsigned long millis;
gettimeofday(&now, NULL);
tm = pr_localtime(NULL, (const time_t *) &(now.tv_sec));
if (tm == NULL) {
return;
}
len = strftime(buf, sizeof(buf)-1, "%Y-%m-%d %H:%M:%S", tm);
buflen = len;
buf[sizeof(buf)-1] = '\0';
/* Convert microsecs to millisecs. */
millis = now.tv_usec / 1000;
len = snprintf(buf + buflen, sizeof(buf) - len, ",%03lu ", millis);
buflen += len;
buf[sizeof(buf)-1] = '\0';
if (*serverinfo) {
len = snprintf(buf + buflen, sizeof(buf) - buflen,
"%s proftpd[%u] %s: %s\n", systemlog_host,
(unsigned int) (session.pid ? session.pid : getpid()), serverinfo, s);
} else {
len = snprintf(buf + buflen, sizeof(buf) - buflen,
"%s proftpd[%u]: %s\n", systemlog_host,
(unsigned int) (session.pid ? session.pid : getpid()), s);
}
buflen += len;
buf[sizeof(buf)-1] = '\0';
pr_log_event_generate(PR_LOG_TYPE_SYSTEMLOG, STDERR_FILENO, priority,
buf, buflen);
fprintf(stderr, "%s", buf);
return;
}
if (syslog_discard) {
/* Only return now if we don't have any log listeners. */
if (pr_log_event_listening(PR_LOG_TYPE_SYSLOG) <= 0 &&
pr_log_event_listening(PR_LOG_TYPE_SYSTEMLOG) <= 0) {
return;
}
}
ptr = get_param_ptr(main_server->conf, "SyslogLevel", FALSE);
if (ptr != NULL) {
max_priority = *ptr;
} else {
/* Default SyslogLevel */
max_priority = default_level;
}
if (priority > max_priority) {
/* Only return now if we don't have any log listeners. */
if (pr_log_event_listening(PR_LOG_TYPE_SYSLOG) <= 0 &&
pr_log_event_listening(PR_LOG_TYPE_SYSTEMLOG) <= 0) {
return;
}
}
if (systemlog_fd != -1) {
char buf[LOGBUFFER_SIZE] = {'\0'};
size_t buflen, len;
struct timeval now;
struct tm *tm;
unsigned long millis;
gettimeofday(&now, NULL);
tm = pr_localtime(NULL, (const time_t *) &(now.tv_sec));
if (tm == NULL) {
return;
}
len = strftime(buf, sizeof(buf), "%Y-%m-%d %H:%M:%S", tm);
buflen = len;
buf[sizeof(buf) - 1] = '\0';
/* Convert microsecs to millisecs. */
millis = now.tv_usec / 1000;
len = snprintf(buf + buflen, sizeof(buf) - len, ",%03lu ", millis);
buflen += len;
buf[sizeof(buf) - 1] = '\0';
if (*serverinfo) {
len = snprintf(buf + buflen, sizeof(buf) - buflen,
"%s proftpd[%u] %s: %s\n", systemlog_host,
(unsigned int) (session.pid ? session.pid : getpid()), serverinfo, s);
} else {
len = snprintf(buf + buflen, sizeof(buf) - buflen,
"%s proftpd[%u]: %s\n", systemlog_host,
(unsigned int) (session.pid ? session.pid : getpid()), s);
}
buflen += len;
buf[sizeof(buf)-1] = '\0';
pr_log_event_generate(PR_LOG_TYPE_SYSTEMLOG, systemlog_fd, priority,
buf, buflen);
/* Now we need to enforce the discard, syslog_discard and SyslogLevel
* filtering.
*/
if (discard) {
return;
}
if (syslog_discard) {
return;
}
if (priority > max_priority) {
return;
}
while (write(systemlog_fd, buf, buflen) < 0) {
if (errno == EINTR) {
pr_signals_handle();
continue;
}
return;
}
return;
}
pr_log_event_generate(PR_LOG_TYPE_SYSLOG, syslog_sockfd, priority, s,
strlen(s));
if (set_facility != -1)
f = set_facility;
if (!syslog_open) {
syslog_sockfd = pr_openlog("proftpd", LOG_NDELAY|LOG_PID, f);
if (syslog_sockfd < 0) {
(void) pr_trace_msg(trace_channel, 1,
"error opening syslog fd: %s", strerror(errno));
return;
}
syslog_open = TRUE;
} else if (f != facility) {
/* If this message is to be sent to a different log facility than a
* default one (or the facility configured via SyslogFacility), then
* OR in the facility with the priority value, as per the syslog(3)
* docs.
*/
priority |= f;
}
if (*serverinfo) {
pr_syslog(syslog_sockfd, priority, "%s - %s\n", serverinfo, s);
} else {
pr_syslog(syslog_sockfd, priority, "%s\n", s);
}
}
void sftp_disconnect_send(uint32_t reason, const char *explain,
const char *file, int lineno, const char *func) {
struct ssh2_packet *pkt;
const pr_netaddr_t *remote_addr;
const char *lang = "en-US";
unsigned char *buf, *ptr;
uint32_t buflen, bufsz;
int sockfd;
/* Send the client a DISCONNECT mesg. */
pkt = sftp_ssh2_packet_create(sftp_pool);
remote_addr = pr_netaddr_get_sess_remote_addr();
buflen = bufsz = 1024;
ptr = buf = palloc(pkt->pool, bufsz);
if (explain == NULL) {
register unsigned int i;
for (i = 0; explanations[i].explain; i++) {
if (explanations[i].code == reason) {
explain = explanations[i].explain;
lang = explanations[i].lang;
if (lang == NULL) {
lang = "en-US";
}
break;
}
}
if (explain == NULL) {
explain = "Unknown reason";
}
} else {
lang = "en-US";
}
if (strlen(func) > 0) {
pr_trace_msg(trace_channel, 9, "disconnecting (%s) [at %s:%d:%s()]",
explain, file, lineno, func);
} else {
pr_trace_msg(trace_channel, 9, "disconnecting (%s) [at %s:%d]", explain,
file, lineno);
}
sftp_msg_write_byte(&buf, &buflen, SFTP_SSH2_MSG_DISCONNECT);
sftp_msg_write_int(&buf, &buflen, reason);
sftp_msg_write_string(&buf, &buflen, explain);
sftp_msg_write_string(&buf, &buflen, lang);
pkt->payload = ptr;
pkt->payload_len = (bufsz - buflen);
(void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,
"disconnecting %s (%s)", pr_netaddr_get_ipstr(remote_addr), explain);
/* If we are called very early in the connection lifetime, then the
* sftp_conn variable may not have been set yet, thus the conditional here.
*/
if (sftp_conn != NULL) {
sockfd = sftp_conn->wfd;
} else {
sockfd = session.c->wfd;
}
/* Explicitly set a short poll timeout of 5 secs. */
sftp_ssh2_packet_set_poll_timeout(5);
if (sftp_ssh2_packet_write(sockfd, pkt) < 0) {
int xerrno = errno;
pr_trace_msg(trace_channel, 12,
"error writing DISCONNECT message: %s", strerror(xerrno));
}
destroy_pool(pkt->pool);
}
static void log_write(int priority, int f, char *s) {
unsigned int *max_priority = NULL;
char serverinfo[PR_TUNABLE_BUFFER_SIZE] = {'\0'};
memset(serverinfo, '\0', sizeof(serverinfo));
if (main_server &&
main_server->ServerFQDN) {
pr_netaddr_t *remote_addr = pr_netaddr_get_sess_remote_addr();
const char *remote_name = pr_netaddr_get_sess_remote_name();
snprintf(serverinfo, sizeof(serverinfo), "%s", main_server->ServerFQDN);
serverinfo[sizeof(serverinfo)-1] = '\0';
if (remote_addr && remote_name) {
snprintf(serverinfo + strlen(serverinfo),
sizeof(serverinfo) - strlen(serverinfo), " (%s[%s])",
remote_name, pr_netaddr_get_ipstr(remote_addr));
serverinfo[sizeof(serverinfo)-1] = '\0';
}
}
if (logstderr ||
!main_server) {
fprintf(stderr, "%s - %s\n", serverinfo, s);
return;
}
if (syslog_discard)
return;
if (systemlog_fd != -1) {
char buf[LOGBUFFER_SIZE] = {'\0'};
time_t tt = time(NULL);
struct tm *t;
t = localtime(&tt);
strftime(buf, sizeof(buf), "%b %d %H:%M:%S ", t);
buf[sizeof(buf) - 1] = '\0';
if (*serverinfo) {
snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
"%s proftpd[%u] %s: %s\n", systemlog_host,
(unsigned int) getpid(), serverinfo, s);
} else {
snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
"%s proftpd[%u]: %s\n", systemlog_host,
(unsigned int) getpid(), s);
}
buf[sizeof(buf) - 1] = '\0';
write(systemlog_fd, buf, strlen(buf));
return;
}
if (set_facility != -1)
f = set_facility;
if (!syslog_open) {
syslog_sockfd = pr_openlog("proftpd", LOG_NDELAY|LOG_PID, f);
} else if (f != facility) {
(void) pr_setlogfacility(f);
}
max_priority = get_param_ptr(main_server->conf, "SyslogLevel", FALSE);
if (max_priority != NULL &&
priority > *max_priority)
return;
if (*serverinfo)
pr_syslog(syslog_sockfd, priority, "%s - %s\n", serverinfo, s);
else
pr_syslog(syslog_sockfd, priority, "%s\n", s);
if (!syslog_open) {
pr_closelog(syslog_sockfd);
syslog_sockfd = -1;
} else if (f != facility) {
(void) pr_setlogfacility(f);
}
}
static void sess_cleanup(int flags) {
/* Clear the scoreboard entry. */
if (ServerType == SERVER_STANDALONE) {
/* For standalone daemons, we only clear the scoreboard slot if we are
* an exiting child process.
*/
if (!is_master) {
if (pr_scoreboard_entry_del(TRUE) < 0 &&
errno != EINVAL &&
errno != ENOENT) {
pr_log_debug(DEBUG1, "error deleting scoreboard entry: %s",
strerror(errno));
}
}
} else if (ServerType == SERVER_INETD) {
/* For inetd-spawned daemons, we always clear the scoreboard slot. */
if (pr_scoreboard_entry_del(TRUE) < 0 &&
errno != EINVAL &&
errno != ENOENT) {
pr_log_debug(DEBUG1, "error deleting scoreboard entry: %s",
strerror(errno));
}
}
/* If session.user is set, we have a valid login. */
if (session.user &&
session.wtmp_log) {
const char *sess_ttyname;
sess_ttyname = pr_session_get_ttyname(session.pool);
log_wtmp(sess_ttyname, "", pr_netaddr_get_sess_remote_name(),
pr_netaddr_get_sess_remote_addr());
}
/* These are necessary in order that cleanups associated with these pools
* (and their subpools) are properly run.
*/
if (session.d) {
pr_inet_close(session.pool, session.d);
session.d = NULL;
}
if (session.c) {
pr_inet_close(session.pool, session.c);
session.c = NULL;
}
/* Run all the exit handlers */
pr_event_generate("core.exit", NULL);
if (!is_master ||
(ServerType == SERVER_INETD &&
!(flags & PR_SESS_END_FL_SYNTAX_CHECK))) {
pr_log_pri(PR_LOG_INFO, "%s session closed.",
pr_session_get_protocol(PR_SESS_PROTO_FL_LOGOUT));
}
log_closesyslog();
}
