[src/trunk]: src/libexec/ftpd * add support for optional groupglob in ftpuser...
details: https://anonhg.NetBSD.org/src/rev/12e255d85419
branches: trunk
changeset: 479794:12e255d85419
user: lukem <lukem%NetBSD.org@localhost>
date: Tue Dec 21 12:56:15 1999 +0000
description:
* add support for optional groupglob in ftpuser entry. the syntax is now:
userglob[:groupglob][@host] [directive [class]]
* append ``(class: CLASSNAME, type: TYPE)'' to the syslogged login messages
diffstat:
libexec/ftpd/ftpd.c | 75 +++++++++++++++++++++++++++++++++++++++---------
libexec/ftpd/ftpusers.5 | 47 +++++++++++++++++++-----------
2 files changed, 91 insertions(+), 31 deletions(-)
diffs (244 lines):
diff -r 3c68856439d8 -r 12e255d85419 libexec/ftpd/ftpd.c
--- a/libexec/ftpd/ftpd.c Tue Dec 21 12:52:18 1999 +0000
+++ b/libexec/ftpd/ftpd.c Tue Dec 21 12:56:15 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ftpd.c,v 1.80 1999/12/19 00:09:31 lukem Exp $ */
+/* $NetBSD: ftpd.c,v 1.81 1999/12/21 12:56:15 lukem Exp $ */
/*
* Copyright (c) 1997-1999 The NetBSD Foundation, Inc.
@@ -109,7 +109,7 @@
#if 0
static char sccsid[] = "@(#)ftpd.c 8.5 (Berkeley) 4/28/95";
#else
-__RCSID("$NetBSD: ftpd.c,v 1.80 1999/12/19 00:09:31 lukem Exp $");
+__RCSID("$NetBSD: ftpd.c,v 1.81 1999/12/21 12:56:15 lukem Exp $");
#endif
#endif /* not lint */
@@ -138,6 +138,7 @@
#include <fcntl.h>
#include <fnmatch.h>
#include <glob.h>
+#include <grp.h>
#include <limits.h>
#include <netdb.h>
#include <pwd.h>
@@ -240,6 +241,11 @@
char proctitle[BUFSIZ]; /* initial part of title */
#endif /* HASSETPROCTITLE */
+#define CURCLASSTYPE curclass.type == CLASS_GUEST ? "GUEST" : \
+ curclass.type == CLASS_CHROOT ? "CHROOT" : \
+ curclass.type == CLASS_REAL ? "REAL" : \
+ "<unknown>"
+
static void ack __P((const char *));
static void myoob __P((int));
static int checkuser __P((const char *, const char *, int, int, char **));
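Review bot: The body of the new `CURCLASSTYPE` macro is a bare chain of conditional operators with no enclosing parentheses, so it is only safe where it stands alone as a function argument, as in the syslog() and lreply() calls elsewhere in this change. Used inside a larger expression it would bind with its neighbours and silently change meaning. Putting the whole expansion in one pair of parentheses, i.e. `#define CURCLASSTYPE (curclass.type == CLASS_GUEST ? "GUEST" : \` through a closing `"<unknown>")`, removes that hazard at no cost.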
@@ -290,6 +296,7 @@
break;
case 'C':
+ pw = sgetpwnam(optarg);
exit(checkaccess(optarg) ? 0 : 1);
/* NOTREACHED */
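Review bot: The result of the added `pw = sgetpwnam(optarg);` is never checked, yet the group-specifier code this commit adds to checkuser() reads `pw->pw_name` and `pw->pw_gid` unconditionally. The USER hunk below does test the same call for NULL, so an unknown name given to `-C` can leave `pw` NULL, and an ftpusers line with a `:groupglob` reached through checkaccess() would then dereference it. A guard such as `if ((pw = sgetpwnam(optarg)) == NULL) exit(1);` keeps the check mode from crashing and treats an unknown user as denied. The surrounding option switch starts and ends outside the hunk, and other callers of checkaccess() are not visible here.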
@@ -552,15 +559,17 @@
curclass.type = CLASS_REAL;
if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) {
- if (! checkaccess("ftp") && ! checkaccess("anonymous"))
+ /* need `pw' setup for checkaccess() and checkuser () */
+ if ((pw = sgetpwnam("ftp")) == NULL)
+ reply(530, "User %s unknown.", name);
+ else if (! checkaccess("ftp") && ! checkaccess("anonymous"))
reply(530, "User %s access denied.", name);
- else if ((pw = sgetpwnam("ftp")) != NULL) {
+ else {
curclass.type = CLASS_GUEST;
askpasswd = 1;
reply(331,
"Guest login ok, type your name as password.");
- } else
- reply(530, "User %s unknown.", name);
+ }
if (!askpasswd && logging)
syslog(LOG_NOTICE,
"ANONYMOUS FTP LOGIN REFUSED FROM %s", remotehost);
@@ -610,6 +619,8 @@
* Any line starting with `#' is considered a comment and ignored.
*
* Returns 0 if the user is denied, or 1 if they are allowed.
+ *
+ * NOTE: needs struct passwd *pw setup before use.
*/
int
checkuser(fname, name, def, nofile, retclass)
@@ -678,6 +689,38 @@
continue;
}
+ /* have a group specifier */
+ if ((p = strchr(glob, ':')) != NULL) {
+ gid_t *groups, *ng;
+ int gsize, i, found;
+
+ *p++ = '\0';
+ groups = NULL;
+ gsize = 16;
+ do {
+ ng = realloc(groups, gsize * sizeof(gid_t));
+ if (ng == NULL)
+ fatal(
+ "Local resource failure: realloc");
+ groups = ng;
+ } while (getgrouplist(pw->pw_name, pw->pw_gid,
+ groups, &gsize) == -1);
+ found = 0;
+ for (i = 0; i < gsize; i++) {
+ struct group *g;
+
+ if ((g = getgrgid(groups[i])) == NULL)
+ continue;
+ if (fnmatch(p, g->gr_name, 0) == 0) {
+ found = 1;
+ break;
+ }
+ }
+ free(groups);
+ if (!found)
+ continue;
+ }
+
/* check against username glob */
if (fnmatch(glob, name, 0) != 0)
continue;
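Review bot: The retry loop around getgrouplist() only terminates if a failed call leaves a larger value in `gsize`, because nothing in the loop body grows it. If the library reports the number of entries it stored rather than the number it needs, each retry reallocates the same 16 slots and the daemon spins while handling a login for a user in many groups. Growing the buffer explicitly on failure removes that dependence on library behaviour. This block also runs the group database lookups before the cheaper username fnmatch() that follows, so swapping the two checks would avoid the lookups for lines that cannot match. checkuser() starts and ends outside the hunk, and `pw` is assumed to be non-NULL here.

```c
		gid_t *groups, *ng;
		int gsize, prev, i, found;

		/* … unchanged: split glob at ':' and initialise groups/gsize … */
		for (;;) {
			prev = gsize;
			ng = realloc(groups, gsize * sizeof(gid_t));
			if (ng == NULL)
				fatal(
				    "Local resource failure: realloc");
			groups = ng;
			if (getgrouplist(pw->pw_name, pw->pw_gid,
			    groups, &gsize) != -1)
				break;
			/* make sure every retry really uses a larger buffer */
			if (gsize <= prev)
				gsize = prev * 2;
		}
		/* … unchanged: match each group name against p, free(groups) … */
```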
@@ -704,6 +747,8 @@
/*
* Check if user is allowed by /etc/ftpusers
* returns 1 for yes, 0 for no
+ *
+ * NOTE: needs struct passwd *pw setup (for checkuser())
*/
int
checkaccess(name)
@@ -940,8 +985,10 @@
setproctitle(proctitle);
#endif /* HASSETPROCTITLE */
if (logging)
- syslog(LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s, %s",
- remotehost, passwd);
+ syslog(LOG_INFO,
+ "ANONYMOUS FTP LOGIN FROM %s, %s (class: %s, type: %s)",
+ remotehost, passwd,
+ curclass.classname, CURCLASSTYPE);
} else {
reply(230, "User %s logged in.", pw->pw_name);
#ifdef HASSETPROCTITLE
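Review bot: In the anonymous-login syslog() call the new `(class: %s, type: %s)` suffix is placed after `passwd`, which for a guest login is whatever the client typed at the password prompt, so that text can itself contain something shaped like the suffix. Anything that parses these lines for class or type should match only the final parenthesised group. Alternatively the format could put the server-derived fields ahead of the client-supplied one, e.g. `"ANONYMOUS FTP LOGIN FROM %s (class: %s, type: %s), %s"`. The FTP LOGIN message in the next hunk looks less exposed, since `pw->pw_name` appears to come from the password database lookup. The enclosing function starts and ends outside the hunk.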
@@ -950,8 +997,10 @@
setproctitle(proctitle);
#endif /* HASSETPROCTITLE */
if (logging)
- syslog(LOG_INFO, "FTP LOGIN FROM %s as %s",
- remotehost, pw->pw_name);
+ syslog(LOG_INFO,
+ "FTP LOGIN FROM %s as %s (class: %s, type: %s)",
+ remotehost, pw->pw_name,
+ curclass.classname, CURCLASSTYPE);
}
(void) umask(curclass.umask);
goto cleanuppass;
@@ -1845,10 +1894,8 @@
struct ftpconv *cp;
lreply(0, "");
- lreply(0, "Class: %s, class type: %s", curclass.classname,
- curclass.type == CLASS_GUEST ? "GUEST" :
- curclass.type == CLASS_CHROOT ? "CHROOT" :
- curclass.type == CLASS_REAL ? "REAL" : "<unknown>");
+ lreply(0, "Class: %s, type: %s",
+ curclass.classname, CURCLASSTYPE);
lreply(0, "Check PORT/LPRT commands: %sabled",
curclass.checkportcmd ? "en" : "dis");
if (curclass.display != NULL)
diff -r 3c68856439d8 -r 12e255d85419 libexec/ftpd/ftpusers.5
--- a/libexec/ftpd/ftpusers.5 Tue Dec 21 12:52:18 1999 +0000
+++ b/libexec/ftpd/ftpusers.5 Tue Dec 21 12:56:15 1999 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: ftpusers.5,v 1.3 1999/12/18 05:51:35 lukem Exp $
+.\" $NetBSD: ftpusers.5,v 1.4 1999/12/21 12:56:15 lukem Exp $
.\"
.\" Copyright (c) 1997-1999 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -34,7 +34,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd December 16, 1999
+.Dd December 21, 1999
.Dt FTPUSERS 5
.Os
.Sh NAME
@@ -65,22 +65,34 @@
line are ignored (unless it is escaped with the escape character).
.Pp
The syntax of each line is:
-.Dl userglob[@host] [directive [class]]
.Pp
-.Sy userglob
-is matched against the username, using
-.Xr fnmatch 3
-glob matching.
+.Dl userglob[:groupglob][@host] [directive [class]]
.Pp
-.Sy host
-may be either a CIDR address (refer to
+These elements are:
+.Bl -tag -width "groupglob" -offset indent
+.It Sy userglob
+matched against the username, using
+.Xr fnmatch 3
+glob matching
+(e.g,
+.Sq f* ) .
+.It Sy groupglob
+matched against all the groups that the user is a member of, using
+.Xr fnmatch 3
+glob matching
+(e.g,
+.Sq *src ) .
+.It Sy host
+either a CIDR address (refer to
.Xr inet_net_pton 3 )
-to match against the remote address,
-or a glob to match against the remote hostname.
-.Pp
-If
-.Sy directive
-is given, it may be one of
+to match against the remote address
+(e.g,
+.Sq 1.2.3.4/24 ) ,
+or a glob to match against the remote hostname
+(e.g,
+.Sq *.netbsd.org ) .
+.It Sy directive
+one of
.Dq allow ,
.Dq yes ,
.Dq deny ,
@@ -89,10 +101,11 @@
If
.Sy directive
is not given, the user is denied access.
-.Pp
-.Sy class
+.It Sy class
defines the class to use in
.Xr ftpd.conf 8 .
+.El
+.Pp
If
.Sy class
is not given, it defaults to one of the following: