/*
 * Private declarations for the FTP daemon: compile-time tunables, the
 * command-line option tables, the table of authentication backends and the
 * per-transfer state structures.
 *
 * This header defines `static` objects, not just declarations, so every
 * translation unit that includes it gets its own copy. Presumably it is
 * meant for a single .c file; confirm before including it elsewhere.
 *
 * NOTE(review): the include guard name begins with a double underscore,
 * which C reserves for the implementation.
 */
#ifndef __FTPD_P_H__
#define __FTPD_P_H__ 1

#include "ftpd.h"
#include "log_unix.h"
/* Each optional authentication backend brings its own header. */
#ifdef USE_PAM
# include "log_pam.h"
#endif
#ifdef WITH_LDAP
# include "log_ldap.h"
#endif
#ifdef WITH_MYSQL
# include "log_mysql.h"
#endif
#ifdef WITH_PGSQL
# include "log_pgsql.h"
#endif
#ifdef WITH_PUREDB
# include "log_puredb.h"
#endif
#ifdef WITH_EXTAUTH
# include "log_extauth.h"
#endif

/* Use the bundled getopt_long() when the platform does not provide one. */
#ifndef HAVE_GETOPT_LONG
# include "bsd-getopt_long.h"
#else
# include <getopt.h>
#endif

#ifdef HAVE_SYS_WAIT_H
# include <sys/wait.h>
#endif

/*
 * Tunables. Units are not stated in this header; the values are consumed
 * by code outside it.
 */
#define DEFAULT_BACKLOG 42
#define DEFAULT_BACKLOG_DATA 8
#define NICE_VALUE 10
#define THROTTLING_UNIT 10000UL
#define MAX_GROUPS 256
/*
 * Failure limits. The attempt cap and the per-failure delay are the knobs
 * that limit password guessing and directory probing; where they are
 * enforced, and per what scope (session, address, ...), is not visible
 * here. PASSWD_FAILURE_DELAY evaluates to 3000000 and
 * DIRSCAN_FAILURE_DELAY to 100000 - presumably microseconds; confirm at
 * the call sites.
 */
#define MAX_PASSWD_TRIES 5 /* Abort after 5 authentication failures */
#define PASSWD_FAILURE_DELAY (3UL*1000000UL) /* Delay after each failure */
#define MAX_DIRSCAN_TRIES 50 /* Abort after 50 chdir failures */
#define DIRSCAN_FAILURE_DELAY (100000UL) /* Delay after each chdir failure */
#define ASCII_CHUNKSIZE 65536U
#define BANNER_MAXLINES 100
/* PATH_MAX plus 50 bytes; by its name, an upper bound on one reply line. */
#define MAX_SERVER_REPLY_LEN (PATH_MAX + (size_t) 50U)

/*
 * State that exists only when standalone mode is compiled in
 * (NO_STANDALONE undefined).
 * NOTE(review): stop_server is sig_atomic_t, but nb_children, listenfd and
 * listenfd6 are plain volatile integers. `volatile` does not make an
 * increment or decrement atomic; if any of these is modified from a signal
 * handler, confirm that the main-line accesses run with that signal
 * blocked.
 */
#ifndef NO_STANDALONE
static volatile sig_atomic_t stop_server;
static const char *standalone_port = DEFAULT_FTP_PORT_S;
static const char *standalone_ip;
static volatile unsigned int nb_children;
static volatile int listenfd = -1;    /* -1: no descriptor */
static volatile int listenfd6 = -1;   /* -1: no descriptor */
#endif

/*
 * Node of a singly linked list of reply lines (see firstreply and
 * lastreply at the end of this header).
 * NOTE(review): `line` is declared with one element; presumably nodes are
 * over-allocated so the text extends past the struct (the pre-C99 "struct
 * hack"). The allocation is outside this header - verify that its size
 * computation covers the text plus the terminating NUL and cannot wrap.
 */
struct reply {
    struct reply *next;
    char line[1];
};

/*
 * Short-option string for getopt(): a letter followed by ':' takes an
 * argument. Pieces guarded by a feature macro are present only when that
 * feature is compiled in. Keep it in step with long_options[] below: each
 * letter here is the `val` of one long option, and the ':' must match that
 * entry's has_arg field.
 */
static const char *GETOPT_OPTIONS =
    "0146"
    "Aa:bc:"
#ifndef NO_STANDALONE
    "BC:"
#endif
    "dDeEf:"
#ifdef COOKIE
    "F:"
#endif
#ifndef NO_STANDALONE
    "g:"
#endif
    "GhHiI:jk:Kl:L:Mm:N"
#ifdef QUOTAS
    "n:"
#endif
#ifdef WITH_UPLOAD_SCRIPT
    "o"
#endif
#ifdef WITH_ALTLOG
    "O:"
#endif
    "p:P:"
#ifdef RATIOS
    "q:Q:"
#endif
    "rRs"
#ifndef NO_STANDALONE
    "S:"
#endif
#ifdef THROTTLING
    "t:T:"
#endif
    "u:U:"
#ifdef WITH_VIRTUAL_HOSTS
    "V:"
#endif
    "wWxX"
#ifdef WITH_OSX_BONJOUR
    "v:"
#endif
#ifdef PER_USER_LIMITS
    "y:"
#endif
#ifdef WITH_TLS
    "2:3:Y:J:"
#endif
    "zZ";

/*
 * Long-option table for getopt_long(). The fields are
 * { name, has_arg, flag, val }; flag is NULL everywhere, so getopt_long()
 * returns `val`, the matching short-option letter. The all-zero entry
 * terminates the table.
 */
#ifndef NO_GETOPT_LONG
static struct option long_options[] = {
    { "notruncate", 0, NULL, '0' },
    { "logpid", 0, NULL, '1' },
# ifdef WITH_TLS
    { "certfile", 1, NULL, '2' },
    { "extcert", 1, NULL, '3' },
# endif
    { "ipv4only", 0, NULL, '4' },
    { "ipv6only", 0, NULL, '6' },
    { "chrooteveryone", 0, NULL, 'A' },
    { "trustedgid", 1, NULL, 'a' },
    { "brokenclientscompatibility", 0, NULL, 'b' },
# ifndef NO_STANDALONE
    { "daemonize", 0, NULL, 'B' },
    { "maxclientsperip", 1, NULL, 'C' },
# endif
    { "maxclientsnumber", 1, NULL, 'c' },
    { "verboselog", 0, NULL, 'd' },
    { "displaydotfiles", 0, NULL, 'D' },
    { "anonymousonly", 0, NULL, 'e' },
    { "noanonymous", 0, NULL, 'E' },
    { "syslogfacility", 1, NULL, 'f' },
# ifdef COOKIE
    { "fortunesfile", 1, NULL, 'F' },
# endif
# ifndef NO_STANDALONE
    { "pidfile", 1, NULL, 'g' },
# endif
    { "norename", 0, NULL, 'G' },
    { "help", 0, NULL, 'h' },
    { "dontresolve", 0, NULL, 'H' },
    { "maxidletime", 1, NULL, 'I' },
    { "anonymouscantupload", 0, NULL, 'i' },
    { "createhomedir", 0, NULL, 'j' },
    { "keepallfiles", 0, NULL, 'K' },
    { "maxdiskusagepct", 1, NULL, 'k' },
    { "login", 1, NULL, 'l' },
    { "limitrecursion", 1, NULL, 'L' },
    { "anonymouscancreatedirs", 0, NULL, 'M' },
    { "maxload", 1, NULL, 'm' },
    { "natmode", 0, NULL, 'N' },
# ifdef QUOTAS
    { "quota", 1, NULL, 'n' },
# endif
# ifdef WITH_UPLOAD_SCRIPT
    { "uploadscript", 0, NULL, 'o' },
# endif
# ifdef WITH_ALTLOG
    { "altlog", 1, NULL, 'O' },
# endif
    { "passiveportrange", 1, NULL, 'p' },
    { "forcepassiveip", 1, NULL, 'P' },
# ifdef RATIOS
    { "anonymousratio", 1, NULL, 'q' },
    { "userratio", 1, NULL, 'Q' },
# endif
    { "autorename", 0, NULL, 'r' },
    { "nochmod", 0, NULL, 'R' },
    { "antiwarez", 0, NULL, 's' },
# ifndef NO_STANDALONE
    { "bind", 1, NULL, 'S' },
# endif
# ifdef THROTTLING
    { "anonymousbandwidth", 1, NULL, 't' },
    { "userbandwidth", 1, NULL, 'T' },
# endif
    { "umask", 1, NULL, 'U' },
    { "minuid", 1, NULL, 'u' },
# ifdef WITH_VIRTUAL_HOSTS
    { "trustedip", 1, NULL, 'V' },
# endif
# ifdef WITH_OSX_BONJOUR
    { "bonjour", 1, NULL, 'v' },
# endif
    { "allowuserfxp", 0, NULL, 'w' },
    { "allowanonymousfxp", 0, NULL, 'W' },
    { "prohibitdotfileswrite", 0, NULL, 'x' },
    { "prohibitdotfilesread", 0, NULL, 'X' },
# ifdef PER_USER_LIMITS
    { "peruserlimits", 1, NULL, 'y' },
# endif
# ifdef WITH_TLS
    { "tls", 1, NULL, 'Y' },
    { "tlsciphersuite", 1, NULL, 'J' },
# endif
    { "allowdotfiles", 0, NULL, 'z' },
    { "customerproof", 0, NULL, 'Z' },
    { NULL, 0, NULL, 0 }
};

#endif

/*
 * Alternative log formats: maps a format name to its ALTLOG_* constant.
 * The entry with a NULL name terminates the table.
 */
#ifdef WITH_ALTLOG
static const AltLogPrefixes altlogprefixes[] = {
    { "clf", ALTLOG_CLF },
    { "stats", ALTLOG_STATS },
    { "w3c", ALTLOG_W3C },
    { "xferlog", ALTLOG_XFERLOG },
    { NULL, ALTLOG_NONE }
};

/* Presumably separates the format name from the rest of the -O argument. */
# define ALTLOG_DELIMITER ':'
# define ALTLOG_DEFAULT ALTLOG_CLF
#endif

/*
 * Feature tags as string literals; each is empty when the feature is not
 * compiled in. Presumably appended to the version string - confirm at the
 * point of use.
 */
#ifndef WITHOUT_PRIVSEP
# define VERSION_PRIVSEP " [privsep]"
#else
# define VERSION_PRIVSEP ""
#endif

#ifdef WITH_TLS
# define VERSION_TLS " [TLS]"
#else
# define VERSION_TLS ""
#endif

/* By its name, a saved signal mask; it is set and restored outside this header. */
static sigset_t old_sigmask;

/*
 * Only on Linux without setproctitle(), and only when process-name changes
 * are enabled. Presumably these record the original argv area and its
 * length so the process title can be rewritten in place; if so, every
 * write into that area has to be bounded by argv_lth - TODO confirm.
 */
#ifndef NO_PROCNAME_CHANGE
# if defined(__linux__) && !defined(HAVE_SETPROCTITLE)
static char **argv0;
static size_t argv_lth;
# endif
#endif

/*
 * An authentication handler has three functions:
 * - One - parse() - is called with an optional file name, that contains a
 * configuration file, or whatever is passed in the -l command-line switch
 * for this authentication.
 * - Another one, check() is called when the user has entered his password.
 * It should fill an AuthResult structure.
 * - The last one - exit() - is called when the session is closed, and
 * should free all internal allocated structures.
 *
 * NOTE(review): check() receives the password as a C string, presumably
 * the cleartext sent by the client; backends should not log or retain it.
 */

typedef struct Authentication_ {
    const char * name;                          /* backend name, e.g. "unix" */
    void (* parse)(const char * const file);
    void (* check)(AuthResult * const result,
                   const char *account, const char *password,
                   const struct sockaddr_storage * const sa,
                   const struct sockaddr_storage * const peer);
    void (* exit)(void);
} Authentication;

/*
 * Backends compiled into this build, terminated by an all-NULL entry.
 * The trailing index comments are accurate only when every earlier
 * optional backend is compiled in; without USE_PAM, for instance, "mysql"
 * is not at index 2. Look entries up by name rather than by these numbers.
 */
static Authentication auth_list[] = {
    { "unix", pw_unix_parse, pw_unix_check, pw_unix_exit }, /* 0 */
#ifdef USE_PAM
    { "pam", pw_pam_parse, pw_pam_check, pw_pam_exit }, /* 1 */
#endif
#ifdef WITH_MYSQL
    { "mysql", pw_mysql_parse, pw_mysql_check, pw_mysql_exit }, /* 2 */
#endif
#ifdef WITH_PGSQL
    { "pgsql", pw_pgsql_parse, pw_pgsql_check, pw_pgsql_exit }, /* 3 */
#endif
#ifdef WITH_LDAP
    { "ldap", pw_ldap_parse, pw_ldap_check, pw_ldap_exit }, /* 4 */
#endif
#ifdef WITH_PUREDB
    { "puredb", pw_puredb_parse, pw_puredb_check, pw_puredb_exit }, /* 5 */
#endif
#ifdef WITH_EXTAUTH
    { "extauth", pw_extauth_parse, pw_extauth_check, pw_extauth_exit }, /* 6 */
#endif
    { NULL, NULL, NULL, NULL }
};

/*
 * Default backend. The hard-coded indices depend on the order of
 * auth_list[]: "pam" must stay directly after "unix" for index 1 to be
 * correct when USE_PAM is defined. Inserting an entry between them would
 * silently select a different backend.
 */
#ifdef USE_PAM
# define DEFAULT_AUTHENTICATION (&auth_list[1]) /* pam */
#else
# define DEFAULT_AUTHENTICATION (&auth_list[0]) /* unix */
#endif

/*
 * Node of a singly linked list of backends, each with its own
 * configuration file name. Presumably built from the -l switches and
 * walked in order at login; the order would then decide which backend
 * answers first - confirm in the code that walks the list.
 */
typedef struct Authentications_ {
    const Authentication *auth;
    char *conf_file;
    struct Authentications_ *next;
} Authentications;

/* By their names, head and tail of that list. */
static Authentications *first_authentications, *last_authentications;

/*
 * State for one download. Field semantics are defined by the transfer
 * code outside this header; the notes below are read from the names and
 * types only. The tls_* members are void pointers, presumably opaque TLS
 * session handles.
 */
typedef struct DLHandler_ {
    int clientfd;
    void *tls_clientfd;
    int xferfd;
    int f;
    void *tls_fd;
    off_t file_size;
    size_t dlmap_size;
    off_t cur_pos;
    off_t chunk_size;
    off_t min_chunk_size;
    off_t default_chunk_size;
    off_t max_chunk_size;
    off_t dlmap_pos;
    off_t dlmap_fdpos;
    off_t total_downloaded;
    size_t sizeof_map;
    unsigned char *map;
    unsigned char *map_data;
    int ascii_mode;
    double min_sleep;
    double max_sleep;
    unsigned long bandwidth;
    struct pollfd pfds_f_in;
} DLHandler;

/*
 * State for one upload; the counterpart of DLHandler. buf and sizeof_buf
 * presumably describe the receive buffer, and max_filesize an upper bound
 * on the stored file - confirm in the upload code.
 */
typedef struct ULHandler_ {
    unsigned char *buf;
    size_t sizeof_buf;
    int clientfd;
    void *tls_clientfd;
    int xferfd;
    void *tls_fd;
    int f;
    off_t cur_pos;
    off_t chunk_size;
    off_t min_chunk_size;
    off_t default_chunk_size;
    off_t max_chunk_size;
    off_t total_uploaded;
    int ascii_mode;
    double min_sleep;
    double max_sleep;
    unsigned long bandwidth;
    off_t max_filesize;
    unsigned long idletime;
    struct pollfd pfds[2];
    struct pollfd pfds_command;
} ULHandler;

/* Presumably the indices into ULHandler.pfds[] - confirm at the poll() calls. */
#define PFD_DATA 0
#define PFD_COMMANDS 1

/*
 * On Windows and Cygwin builds the passwd lookups are redirected to a
 * local fakegetpwnam(), which is defined outside this header.
 * NOTE(review): getpwuid(A) discards its argument and always calls
 * fakegetpwnam(NULL), so every uid resolves to whatever that call returns;
 * code that relies on distinct per-uid entries does not get them on these
 * platforms.
 */
#if defined(WIN32) || defined(_WIN32) || defined(__WIN32__) || defined (__CYGWIN__)
static struct passwd *fakegetpwnam(const char * const name);
# define getpwnam(A) fakegetpwnam(A)
# define getpwuid(A) fakegetpwnam(NULL)
#endif
/* By its name, the anonymous directory used when not running as root - confirm. */
#define NON_ROOT_ANON_DIR "/ftp"

/* Path of the random device, when it is chosen at run time rather than at build time. */
#ifdef PROBE_RANDOM_AT_RUNTIME
static const char *random_device;
#endif

/* By their names, head and tail of the struct reply list. */
static struct reply *firstreply;
static struct reply *lastreply;

#endif
