static enum EVSFPrivopLoginResult
handle_anonymous_login(struct vsf_session* p_sess,
const struct mystr* p_pass_str)
{
if (!str_isempty(&p_sess->banned_email_str) &&
str_contains_line(&p_sess->banned_email_str, p_pass_str))
{
return kVSFLoginFail;
}
if (!str_isempty(&p_sess->email_passwords_str) &&
(!str_contains_line(&p_sess->email_passwords_str, p_pass_str) ||
str_isempty(p_pass_str)))
{
return kVSFLoginFail;
}
/* Store the anonymous identity string */
str_copy(&p_sess->anon_pass_str, p_pass_str);
if (str_isempty(&p_sess->anon_pass_str))
{
str_alloc_text(&p_sess->anon_pass_str, "?");
}
/* "Fix" any characters which might upset the log processing */
str_replace_char(&p_sess->anon_pass_str, ' ', '_');
str_replace_char(&p_sess->anon_pass_str, '\n', '?');
{
struct mystr ftp_username_str = INIT_MYSTR;
str_alloc_text(&ftp_username_str, tunable_ftp_username);
setup_username_globals(p_sess, &ftp_username_str);
str_free(&ftp_username_str);
}
str_free(&p_sess->banned_email_str);
str_free(&p_sess->email_passwords_str);
return kVSFLoginAnon;
}
static void
handle_user_command(struct vsf_session* p_sess)
{
/* SECURITY: If we're in anonymous only-mode, immediately reject
* non-anonymous usernames in the hope we save passwords going plaintext
* over the network
*/
int is_anon = 1;
str_copy(&p_sess->user_str, &p_sess->ftp_arg_str);
str_upper(&p_sess->ftp_arg_str);
if (!str_equal_text(&p_sess->ftp_arg_str, "FTP") &&
!str_equal_text(&p_sess->ftp_arg_str, "ANONYMOUS"))
{
is_anon = 0;
}
if (!tunable_local_enable && !is_anon)
{
vsf_cmdio_write(
p_sess, FTP_LOGINERR, "This FTP server is anonymous only.");
str_empty(&p_sess->user_str);
return;
}
if (is_anon && p_sess->control_use_ssl && !tunable_allow_anon_ssl)
{
vsf_cmdio_write(
p_sess, FTP_LOGINERR, "Anonymous sessions may not use encryption.");
str_empty(&p_sess->user_str);
return;
}
if (tunable_ssl_enable && !is_anon && !p_sess->control_use_ssl &&
tunable_force_local_logins_ssl)
{
vsf_cmdio_write(
p_sess, FTP_LOGINERR, "Non-anonymous sessions must use encryption.");
str_empty(&p_sess->user_str);
return;
}
if (!str_isempty(&p_sess->userlist_str))
{
int located = str_contains_line(&p_sess->userlist_str, &p_sess->user_str);
if ((located && tunable_userlist_deny) ||
(!located && !tunable_userlist_deny))
{
vsf_cmdio_write(p_sess, FTP_LOGINERR, "Permission denied.");
str_empty(&p_sess->user_str);
return;
}
}
if (is_anon && tunable_no_anon_password)
{
/* Fake a password */
str_alloc_text(&p_sess->ftp_arg_str, "<no password>");
handle_pass_command(p_sess);
}
else
{
vsf_cmdio_write(p_sess, FTP_GIVEPWORD, "Please specify the password.");
}
}
static void
process_login_req(struct vsf_session* p_sess)
{
enum EVSFPrivopLoginResult e_login_result = kVSFLoginNull;
/* Blocks */
if (priv_sock_get_cmd(p_sess) != PRIV_SOCK_LOGIN)
{
die("bad request");
}
/* Get username and password - we must distrust these */
{
struct mystr password_str = INIT_MYSTR;
priv_sock_get_str(p_sess, &p_sess->user_str);
priv_sock_get_str(p_sess, &password_str);
e_login_result = vsf_privop_do_login(p_sess, &password_str);
str_free(&password_str);
}
switch (e_login_result)
{
case kVSFLoginFail:
priv_sock_send_result(p_sess, PRIV_SOCK_RESULT_BAD);
return;
break;
case kVSFLoginAnon:
str_alloc_text(&p_sess->user_str, tunable_ftp_username);
common_do_login(p_sess, &p_sess->user_str, 1, 1);
break;
case kVSFLoginReal:
{
int do_chroot = 0;
if (tunable_chroot_local_user)
{
do_chroot = 1;
}
if (tunable_chroot_list_enable)
{
struct mystr chroot_list_file = INIT_MYSTR;
int retval = str_fileread(&chroot_list_file,
tunable_chroot_list_file,
VSFTP_CONF_FILE_MAX);
if (vsf_sysutil_retval_is_error(retval))
{
die("cannot open chroot() user list file");
}
if (str_contains_line(&chroot_list_file, &p_sess->user_str))
{
if (do_chroot)
{
do_chroot = 0;
}
else
{
do_chroot = 1;
}
}
str_free(&chroot_list_file);
}
common_do_login(p_sess, &p_sess->user_str, do_chroot, 0);
}
break;
default:
bug("weird state in process_login_request");
break;
}
/* NOTREACHED */
}
//static Kitsune
void
process_login_req(struct vsf_session* p_sess)
{
enum EVSFPrivopLoginResult e_login_result = kVSFLoginNull;
char cmd;
if (!kitsune_is_updating()) { /* Kitsune */
vsf_sysutil_unblock_sig(kVSFSysUtilSigCHLD);
/* Blocks */
cmd = priv_sock_get_cmd(p_sess->parent_fd);
vsf_sysutil_block_sig(kVSFSysUtilSigCHLD);
if (cmd != PRIV_SOCK_LOGIN)
{
die("bad request");
}
}
/* Kitsune, update point */
kitsune_update("twoprocess.c");
/* Kitsune, allow updating from blocking loop */
vsf_sysutil_kitsune_set_update_point("twoprocess.c");
/* Get username and password - we must distrust these */
{
struct mystr password_str = INIT_MYSTR;
priv_sock_get_str(p_sess->parent_fd, &p_sess->user_str);
priv_sock_get_str(p_sess->parent_fd, &password_str);
p_sess->control_use_ssl = priv_sock_get_int(p_sess->parent_fd);
p_sess->data_use_ssl = priv_sock_get_int(p_sess->parent_fd);
if (!tunable_ssl_enable)
{
p_sess->control_use_ssl = 0;
p_sess->data_use_ssl = 0;
}
e_login_result = vsf_privop_do_login(p_sess, &password_str);
str_free(&password_str);
}
switch (e_login_result)
{
case kVSFLoginFail:
priv_sock_send_result(p_sess->parent_fd, PRIV_SOCK_RESULT_BAD);
return;
break;
case kVSFLoginAnon:
str_alloc_text(&p_sess->user_str, tunable_ftp_username);
common_do_login(p_sess, &p_sess->user_str, 1, 1);
break;
case kVSFLoginReal:
{
int do_chroot = 0;
if (tunable_chroot_local_user)
{
do_chroot = 1;
}
if (tunable_chroot_list_enable)
{
struct mystr chroot_list_file = INIT_MYSTR;
int retval = str_fileread(&chroot_list_file,
tunable_chroot_list_file,
VSFTP_CONF_FILE_MAX);
if (vsf_sysutil_retval_is_error(retval))
{
die2("could not open chroot() list file:",
tunable_chroot_list_file);
}
if (str_contains_line(&chroot_list_file, &p_sess->user_str))
{
if (do_chroot)
{
do_chroot = 0;
}
else
{
do_chroot = 1;
}
}
str_free(&chroot_list_file);
}
common_do_login(p_sess, &p_sess->user_str, do_chroot, 0);
}
break;
default:
bug("weird state in process_login_request");
break;
}
/* NOTREACHED */
}
