1 /*
2  * ProFTPD: mod_ctrls -- a module implementing the ftpdctl local socket
3  *                       server
4  * Copyright (c) 2000-2016 The ProFTPD Project team
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335, USA.
19  *
20  * As a special exemption, TJ Saunders and other respective copyright holders
21  * give permission to link this program with OpenSSL, and distribute the
22  * resulting executable, without including the source code for OpenSSL in the
23  * source distribution.
24  *
25  * This is mod_ctrls, contrib software for proftpd 1.2 and above.
26  * For more information contact TJ Saunders <tj@castaglia.org>.
27  */
28 
29 #ifndef MOD_CTRLS_H
30 #define MOD_CTRLS_H
31 
32 #include <signal.h>
33 #include "conf.h"
34 
35 # ifdef PR_USE_CTRLS
36 
37 /* Controls access control objects */
38 
39 typedef struct {
40   unsigned char allow;
41   unsigned int nuids;
42   uid_t *uids;
43 } ctrls_usr_acl_t;
44 
45 typedef struct {
46   unsigned char allow;
47   unsigned int ngids;
48   gid_t *gids;
49 } ctrls_grp_acl_t;
50 
51 typedef struct {
52   pool *acl_pool;
53   ctrls_usr_acl_t acl_usrs;
54   ctrls_grp_acl_t acl_grps;
55 } ctrls_acl_t;
56 
57 typedef struct {
58   const char *act_action;
59   const char *act_desc;
60   ctrls_acl_t *act_acl;
61   int (*act_cb)(pr_ctrls_t *, int, char **);
62 } ctrls_acttab_t;
63 
64 unsigned char pr_ctrls_check_group_acl(gid_t, const ctrls_grp_acl_t *);
65 unsigned char pr_ctrls_check_user_acl(uid_t, const ctrls_usr_acl_t *);
66 
67 /* Returns TRUE if use of ctrl named by action is allowed by the user or group
68  * ACL, FALSE otherwise.  The ACLs associated with the given action are
69  * looked up in the given table.  The default is to deny everyone, unless an
70  * ACL has been configured to allow them.
71  */
72 unsigned char pr_ctrls_check_acl(const pr_ctrls_t *ctrl,
73   const ctrls_acttab_t *ctrls_acttab, const char *action);
74 
75 /* Initialize an ctrls_acl_t object. */
76 void pr_ctrls_init_acl(ctrls_acl_t *acl);
77 
78 char **pr_ctrls_parse_acl(pool *acl_pool, char *acl_str);
79 
80 void pr_ctrls_set_group_acl(pool *, ctrls_grp_acl_t *, const char *, char *);
81 void pr_ctrls_set_user_acl(pool *, ctrls_usr_acl_t *, const char *, char *);
82 
83 /* Configures the ACLs for the actions implemented in a Controls module. */
84 char *pr_ctrls_set_module_acls(ctrls_acttab_t *ctrls_acttab, pool *acl_pool,
85   char **actions, const char *allow, const char *type, char *list);
86 
87 /* Unregisters a module's actions according to the configured list. */
88 char *pr_ctrls_unregister_module_actions(ctrls_acttab_t *ctrls_acttab,
89   char **actions, module *mod);
90 
91 /* Set the file descriptor that the Controls API should use for logging. */
92 int pr_ctrls_set_logfd(int fd);
93 
94 /* Logs into a mod_ctrls-specific log file. */
95 int pr_ctrls_log(const char *module_version, const char *fmt, ...)
96 #ifdef __GNUC__
97        __attribute__ ((format (printf, 2, 3)));
98 #else
99        ;
100 #endif
101 
102 # endif /* PR_USE_CTRLS */
103 #endif /* MOD_CTRLS_H */
104