static int mavis_send_in(mavis_ctx * mcx, av_ctx ** ac) { char *t, *u; DebugIn(DEBUG_MAVIS); t = av_get(*ac, AV_A_TYPE); u = av_get(*ac, AV_A_USER); if (strcmp(t, AV_V_TYPE_FTP) || (strcasecmp(u, "ftp") && strcasecmp(u, "anonymous"))) { Debug((DEBUG_MAVIS, "- %s = MAVIS_DOWN (no anon ftp)\n", __func__)); return MAVIS_DOWN; } av_set(*ac, AV_A_RESULT, AV_V_RESULT_OK); av_setf(*ac, AV_A_UID, "%d", (int) mcx->uid); av_setf(*ac, AV_A_GID, "%d", (int) mcx->gid); av_set(*ac, AV_A_HOME, mcx->home); av_set(*ac, AV_A_ROOT, mcx->root); av_set(*ac, AV_A_FTP_ANONYMOUS, AV_V_BOOL_TRUE); if (mcx->incoming) av_set(*ac, AV_A_ANON_INCOMING, mcx->incoming); if ((t = av_get(*ac, AV_A_PASSWORD))) av_set(*ac, AV_A_EMAIL, t); Debug((DEBUG_MAVIS, "- %s = MAVIS_FINAL\n", __func__)); return MAVIS_FINAL; }
static void find_ssluser(av_ctx * ac, int fn, char *user) { char inbuf[8192]; size_t offset = 0; ssize_t inlength; char *linestart = inbuf; char *lineend; while ((inlength = Read(fn, inbuf + offset, sizeof(inbuf) - 1 - offset)) > 0) { inlength += offset; inbuf[inlength] = 0; linestart = inbuf; while ((lineend = strchr(linestart, '\n'))) { *lineend = 0; if (*linestart != '#') { char *subj = strchr(linestart, ':'); if (subj) { char *s = linestart; char *t; *subj++ = 0; for (t = strtok(s, ","); t; t = strtok(NULL, ",")) if (!strcmp(user, t)) { char *a = av_get(ac, AV_A_DBCERTSUBJ); if (a) av_setf(ac, AV_A_DBCERTSUBJ, "%s\r%s", a, subj); else av_set(ac, AV_A_DBCERTSUBJ, subj); break /* out of for-loop */ ; } } } linestart = lineend + 1; } offset = inbuf + inlength - linestart; if (offset) memmove(inbuf, linestart, offset); } }
static int mavis_send_in(mavis_ctx * mcx, av_ctx ** ac) { struct passwd *pw; char *t, *u, *p, *m; char buf[1024]; t = av_get(*ac, AV_A_TYPE); u = av_get(*ac, AV_A_USER); p = av_get(*ac, AV_A_PASSWORD); if (strcmp(t, AV_V_TYPE_FTP)) return MAVIS_DOWN; /* no VHOST support yet */ m = av_get(*ac, AV_A_FTP_ANONYMOUS); if (m && !strcmp(m, AV_V_BOOL_TRUE)) return MAVIS_DOWN; if (mcx->honour_ftpusers && !valid_user(mcx, u)) { av_set(*ac, AV_A_COMMENT, "user found in ftpusers file"); av_set(*ac, AV_A_RESULT, AV_V_RESULT_FAIL); return MAVIS_FINAL; } #ifdef HAVE_SHADOWPWD if (!mcx->passwordfile) { struct spwd *spw; uid_t uid; uid = geteuid(); seteuid(0); spw = getspnam(u); seteuid(uid); if (!spw) return MAVIS_DOWN; if (strcmp(spw->sp_pwdp, mcx->crypt(p, spw->sp_pwdp))) { av_set(*ac, AV_A_COMMENT, "password mismatch"); av_unset(*ac, AV_A_DBPASSWORD); } else av_set(*ac, AV_A_DBPASSWORD, p); pw = getpwnam(u); if (!pw) { av_set(*ac, AV_A_COMMENT, "user not found in password file"); av_set(*ac, AV_A_RESULT, AV_V_RESULT_FAIL); return MAVIS_FINAL; } } else #endif /* HAVE_SHADOWPWD */ { int f; f = open(mcx->passwordfile, O_RDONLY); if (f < 0) { av_set(*ac, AV_A_COMMENT, "error opening password file"); av_set(*ac, AV_A_RESULT, AV_V_RESULT_ERROR); return MAVIS_DOWN; } pw = get_pwent(mcx, f, u); close(f); if (!pw) return MAVIS_DOWN; #undef crypt /* may be set by openssl include stuff */ if (strcmp(pw->pw_passwd, mcx->crypt(p, pw->pw_passwd))) { av_set(*ac, AV_A_COMMENT, "password mismatch"); av_unset(*ac, AV_A_DBPASSWORD); } else av_set(*ac, AV_A_DBPASSWORD, p); } if (mcx->require_valid_shell && (!pw->pw_shell || !valid_shell(mcx, pw->pw_shell))) { av_set(*ac, AV_A_COMMENT, "invalid shell"); av_set(*ac, AV_A_RESULT, AV_V_RESULT_FAIL); return MAVIS_FINAL; } if (!pw->pw_dir) { av_set(*ac, AV_A_COMMENT, "home dir not set"); av_set(*ac, AV_A_RESULT, AV_V_RESULT_FAIL); return MAVIS_FINAL; } av_setf(*ac, AV_A_UID, "%lu", (u_long) pw->pw_uid); av_setf(*ac, AV_A_GID, "%lu", (u_long) pw->pw_gid); /* attempt to get supplemental groups */ av_set(*ac, AV_A_GIDS, groups_getlist(pw->pw_name, pw->pw_gid, buf, sizeof(buf))); if (mcx->ftp_chroot) { char *tp = strstr(pw->pw_dir, "/./"); if (tp) { *tp = 0; av_set(*ac, AV_A_HOME, tp + 2); } else av_set(*ac, AV_A_HOME, "/"); av_set(*ac, AV_A_ROOT, pw->pw_dir); } else { av_set(*ac, AV_A_HOME, pw->pw_dir); av_set(*ac, AV_A_ROOT, "/"); } if (mcx->lookup_sslusers) lookup_ssluser(mcx, *ac, u); return MAVIS_FINAL; }
static int mavis_send_in(mavis_ctx * mcx, av_ctx ** ac) { struct passwd *pw; char *t, *u, *p, *m; uid_t uid; int res; t = av_get(*ac, AV_A_TYPE); u = av_get(*ac, AV_A_USER); p = av_get(*ac, AV_A_PASSWORD); if (strcmp(t, AV_V_TYPE_FTP)) return MAVIS_DOWN; /* no VHOST support yet */ m = av_get(*ac, AV_A_FTP_ANONYMOUS); if (m && !strcmp(m, AV_V_BOOL_TRUE)) return MAVIS_DOWN; if (!(pw = getpwnam(u))) return MAVIS_DOWN; if (!pw->pw_dir) { av_set(*ac, AV_A_COMMENT, "home dir not set"); av_set(*ac, AV_A_RESULT, AV_V_RESULT_FAIL); return MAVIS_FINAL; } uid = geteuid(); seteuid(0); res = check_auth(mcx, u, p); seteuid(uid); /* The PAM routines may have spoiled our logging identity. */ logopen(); if (res) { char buf[1024]; av_set(*ac, AV_A_DBPASSWORD, p); av_setf(*ac, AV_A_UID, "%lu", (u_long) pw->pw_uid); av_setf(*ac, AV_A_GID, "%lu", (u_long) pw->pw_gid); /* attempt to get supplemental groups */ av_set(*ac, AV_A_GIDS, groups_getlist(pw->pw_name, pw->pw_gid, buf, sizeof(buf))); if (mcx->ftp_chroot) { t = strstr(pw->pw_dir, "/./"); if (t) { *t = 0; av_set(*ac, AV_A_HOME, t + 2); } else av_set(*ac, AV_A_HOME, "/"); av_set(*ac, AV_A_ROOT, pw->pw_dir); } else { av_set(*ac, AV_A_HOME, pw->pw_dir); av_set(*ac, AV_A_ROOT, "/"); } } else av_set(*ac, AV_A_RESULT, AV_V_RESULT_FAIL); return MAVIS_FINAL; }