components/proftpd/mod_solaris_priv.c
author tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
Mon, 27 Feb 2012 10:14:30 -0800
changeset 707 5953149bd743
parent 619 7e9d43a6a553
child 718 480dcaab9d63
permissions -rw-r--r--
7130322 proftpd in the default configuration does not have required privileges
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
305
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
     1
/*
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
     2
 * ProFTPD - FTP server daemon
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
     3
 * Copyright (c) 1997, 1998 Public Flood Software
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
     4
 * Copyright (c) 2003-2010 The ProFTPD Project team
707
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
     5
 * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
305
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
     6
 *
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
     7
 * This program is free software; you can redistribute it and/or modify
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
     8
 * it under the terms of the GNU General Public License as published by
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
     9
 * the Free Software Foundation; either version 2 of the License, or
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    10
 * (at your option) any later version.
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    11
 *
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    12
 * This program is distributed in the hope that it will be useful,
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    13
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    14
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    15
 * GNU General Public License for more details.
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    16
 *
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    17
 * You should have received a copy of the GNU General Public License
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    18
 * along with this program; if not, write to the Free Software
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    19
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA.
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    20
 *
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    21
 * As a special exemption, the copyright holders give permission to link
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    22
 * this program with OpenSSL and distribute the resulting executable without
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    23
 * including the source code for OpenSSL in the source distribution.
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    24
 */
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    25
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    26
/* Use Solaris privileges to severely limit root's access. After user
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    27
 * authentication, this module _completely_ gives up most privileges,
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    28
 * except for the * bare minimum functionality that is required. 
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    29
 * VERY highly recommended for security-consious admins.
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    30
 *
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    31
 * The concept of this was copied from the Linux mod_cap.  Solaris
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    32
 * also has the concept of basic privileges that we can take away to further
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    33
 * restrict a process lower than what a normal user process can do, this
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    34
 * module removes some of those as well.
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    35
 */
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    36
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    37
#include <stdio.h>
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    38
#include <stdlib.h>
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    39
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    40
#include <priv.h>
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    41
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    42
#include "conf.h"
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    43
#include "privs.h"
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    44
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    45
#define MOD_SOLARIS_PRIV_VERSION	"mod_solaris_priv/1.0"
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    46
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    47
/* Configuration handlers
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    48
 */
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    49
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    50
#define	PRIV_USE_FILE_CHOWN		0x0001
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    51
#define	PRIV_USE_FILE_CHOWN_SELF	0x0002
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    52
#define	PRIV_USE_DAC_READ		0x0004
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    53
#define	PRIV_USE_DAC_WRITE		0x0008
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    54
#define	PRIV_USE_DAC_SEARCH		0x0010
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    55
#define	PRIV_USE_SETID			0x0020
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    56
#define	PRIV_USE_FILE_OWNER		0x0040
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    57
#define	PRIV_DROP_FILE_WRITE		0x0080
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    58
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    59
static unsigned int solaris_priv_flags = 0;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    60
static unsigned char use_privs = TRUE;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    61
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    62
MODRET set_solaris_priv(cmd_rec *cmd) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    63
  unsigned int flags = 0;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    64
  config_rec *c = NULL;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    65
  register unsigned int i = 0;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    66
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    67
  if (cmd->argc - 1 < 1)
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    68
    CONF_ERROR(cmd, "need at least one parameter");
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    69
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    70
  CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_GLOBAL);
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    71
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    72
  /* PRIV_CHOWN is enabled by default. */
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    73
  flags |= PRIV_USE_FILE_CHOWN;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    74
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    75
  for (i = 1; i < cmd->argc; i++) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    76
    char *cp = cmd->argv[i];
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    77
    cp++;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    78
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    79
    if (*cmd->argv[i] != '+' && *cmd->argv[i] != '-')
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    80
      CONF_ERROR(cmd, pstrcat(cmd->tmp_pool, ": bad option: '",
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    81
        cmd->argv[i], "'", NULL));
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    82
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    83
    if (strcasecmp(cp, "PRIV_USE_FILE_CHOWN") == 0) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    84
      if (*cmd->argv[i] == '-')
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    85
        flags &= ~PRIV_USE_FILE_CHOWN;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    86
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    87
    } else if (strcasecmp(cp, "PRIV_FILE_CHOWN_SELF") == 0) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    88
      if (*cmd->argv[i] == '-')
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    89
        flags &= ~PRIV_USE_FILE_CHOWN_SELF;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    90
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    91
    } else if (strcasecmp(cp, "PRIV_DAC_READ") == 0) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    92
      if (*cmd->argv[i] == '+')
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    93
        flags |= PRIV_USE_DAC_READ;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    94
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    95
    } else if (strcasecmp(cp, "PRIV_DAC_WRITE") == 0) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    96
      if (*cmd->argv[i] == '+')
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    97
        flags |= PRIV_USE_DAC_WRITE;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    98
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
    99
    } else if (strcasecmp(cp, "PRIV_DAC_SEARCH") == 0) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   100
      if (*cmd->argv[i] == '+')
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   101
        flags |= PRIV_USE_DAC_SEARCH;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   102
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   103
    } else if (strcasecmp(cp, "PRIV_FILE_OWNER") == 0) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   104
      if (*cmd->argv[i] == '+')
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   105
        flags |= PRIV_USE_FILE_OWNER;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   106
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   107
    } else {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   108
      CONF_ERROR(cmd, pstrcat(cmd->tmp_pool, "unknown privilege: '",
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   109
        cp, "'", NULL));
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   110
    }
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   111
  }
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   112
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   113
  c = add_config_param(cmd->argv[0], 1, NULL);
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   114
  c->argv[0] = pcalloc(c->pool, sizeof(unsigned int));
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   115
  *((unsigned int *) c->argv[0]) = flags;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   116
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   117
  return PR_HANDLED(cmd);
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   118
}
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   119
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   120
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   121
MODRET set_solaris_priv_engine(cmd_rec *cmd) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   122
  int bool = -1;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   123
  config_rec *c = NULL;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   124
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   125
  CHECK_ARGS(cmd, 1);
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   126
  CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_GLOBAL);
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   127
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   128
  bool = get_boolean(cmd, 1);
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   129
  if (bool == -1)
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   130
    CONF_ERROR(cmd, "expecting Boolean parameter");
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   131
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   132
  c = add_config_param(cmd->argv[0], 1, NULL);
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   133
  c->argv[0] = pcalloc(c->pool, sizeof(unsigned char));
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   134
  *((unsigned char *) c->argv[0]) = bool;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   135
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   136
  return PR_HANDLED(cmd);
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   137
}
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   138
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   139
/* Command handlers
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   140
 */
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   141
619
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   142
/* The pre and post adat command handlers first enable
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   143
 * and then disable file_dac_read. This is done in order
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   144
 * for the mod_gss module to be able to read /etc/krb5/krb5.keytab,
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   145
 * when the proftpd server runs as user/group ftp/ftp.
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   146
 */
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   147
MODRET solaris_priv_pre_adat(cmd_rec *cmd) {
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   148
    priv_set(PRIV_ON, PRIV_EFFECTIVE, PRIV_FILE_DAC_READ, NULL);
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   149
    return PR_DECLINED(cmd);
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   150
}
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   151
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   152
MODRET solaris_priv_post_adat(cmd_rec *cmd) {
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   153
    priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_FILE_DAC_READ, NULL);
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   154
    return PR_DECLINED(cmd);
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   155
}
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   156
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   157
static void set_privs(void) {
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   158
    /* This is for PAM code which decides to create an audit session
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   159
     * when the user is logging into ftp as root.
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   160
     */
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   161
    priv_set(PRIV_ON, PRIV_EFFECTIVE, PRIV_PROC_AUDIT, NULL);
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   162
    priv_set(PRIV_ON, PRIV_EFFECTIVE, PRIV_SYS_AUDIT, NULL);
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   163
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   164
    /* Needed to call seteuid(). */
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   165
    priv_set(PRIV_ON, PRIV_EFFECTIVE, PRIV_PROC_SETID, NULL);
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   166
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   167
    /* Needed to call settaskid(). */
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   168
    priv_set(PRIV_ON, PRIV_EFFECTIVE, PRIV_PROC_TASKID, NULL);
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   169
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   170
    /* Needed to access /dev/urandom. */
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   171
    priv_set(PRIV_ON, PRIV_EFFECTIVE, PRIV_SYS_DEVICES, NULL);
707
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   172
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   173
    /* Needed for pam_unix_cred to chown files. */
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   174
    priv_set(PRIV_ON, PRIV_EFFECTIVE, PRIV_FILE_CHOWN_SELF, NULL);
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   175
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   176
    /* Needed to access /var/adm/wtmpx. */
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   177
    priv_set(PRIV_ON, PRIV_EFFECTIVE, PRIV_FILE_DAC_WRITE, NULL);
619
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   178
}
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   179
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   180
/* Setup priviledges before the user responds to the user prompt
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   181
 * from the ftp server so that a secure Kerberos session can be
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   182
 * established and also the user can login as root
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   183
 * when the ftp server is running as user/group ftp/ftp.
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   184
 */
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   185
MODRET solaris_priv_pre_pass(cmd_rec *cmd) {
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   186
    set_privs();
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   187
    return PR_DECLINED(cmd);
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   188
}
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   189
707
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   190
static priv_set_t* allocset(void) {
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   191
  priv_set_t* ret;
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   192
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   193
  if ((ret = priv_allocset()) == NULL) {
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   194
    pr_log_pri(PR_LOG_ERR, MOD_SOLARIS_PRIV_VERSION ": priv_allocset: %s",
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   195
      strerror(errno));
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   196
    pr_signals_unblock();
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   197
    end_login(1);
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   198
  }
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   199
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   200
  return ret;
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   201
}
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   202
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   203
static void delset(priv_set_t *sp, const char *priv) {
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   204
  if (priv_delset(sp, priv) != 0) {
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   205
    pr_log_pri(PR_LOG_ERR, MOD_SOLARIS_PRIV_VERSION ": priv_delset: %s",
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   206
      strerror(errno));
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   207
    pr_signals_unblock();
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   208
    end_login(1);
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   209
  }
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   210
}
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   211
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   212
static void addset(priv_set_t *sp, const char *priv) {
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   213
  if (priv_addset(sp, priv) != 0) {
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   214
    pr_log_pri(PR_LOG_ERR, MOD_SOLARIS_PRIV_VERSION ": priv_addset: %s",
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   215
      strerror(errno));
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   216
    pr_signals_unblock();
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   217
    end_login(1);
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   218
  }
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   219
}
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   220
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   221
static void _setppriv(priv_op_t op, priv_ptype_t which, priv_set_t *set) {
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   222
  if (setppriv(op, which, set) != 0) {
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   223
    pr_log_pri(PR_LOG_ERR, MOD_SOLARIS_PRIV_VERSION ": setppriv: %s",
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   224
      strerror(errno));
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   225
    pr_signals_unblock();
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   226
    end_login(1);
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   227
  }
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   228
}
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   229
305
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   230
/* The POST_CMD handler for "PASS" is only called after PASS has
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   231
 * successfully completed, which means authentication is successful,
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   232
 * so we can "tweak" our root access down to almost nothing.
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   233
 */
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   234
MODRET solaris_priv_post_pass(cmd_rec *cmd) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   235
  int res = 0;
707
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   236
  priv_set_t *ps = NULL;
305
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   237
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   238
  if (!use_privs)
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   239
    return PR_DECLINED(cmd);
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   240
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   241
  pr_signals_block();
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   242
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   243
  /* The only privilege we need is PRIV_NET_PRIVADDR (bind
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   244
   * ports < 1024).  Everything else can be discarded.  We set this
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   245
   * in the permitted set only, as when we switch away from root
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   246
   * we lose effective anyhow, and must reset it.
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   247
   *
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   248
   * We also remove the basic Solaris privileges we know we will
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   249
   * never need.
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   250
   */
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   251
707
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   252
  ps = allocset();
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   253
  priv_basicset(ps);
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   254
  delset(ps, PRIV_PROC_EXEC);
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   255
  delset(ps, PRIV_PROC_FORK);
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   256
  delset(ps, PRIV_PROC_INFO);
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   257
  delset(ps, PRIV_PROC_SESSION);
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   258
  _setppriv(PRIV_SET, PRIV_INHERITABLE, ps);
305
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   259
707
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   260
  priv_basicset(ps);
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   261
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   262
  addset(ps, PRIV_NET_PRIVADDR);
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   263
  addset(ps, PRIV_PROC_AUDIT);
305
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   264
707
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   265
  delset(ps, PRIV_PROC_EXEC);
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   266
  delset(ps, PRIV_PROC_FORK);
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   267
  delset(ps, PRIV_PROC_INFO);
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   268
  delset(ps, PRIV_PROC_SESSION);
305
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   269
619
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   270
  /* If the proftpd process is not running as root, but as user ftp,
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   271
   * then this is necessary in order to make the setreuid work.
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   272
   * Without this, the setreuid would fail. The PRIV_PROC_SETID privilege 
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   273
   * is removed afterwards.
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   274
   */
707
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   275
  addset(ps, PRIV_PROC_SETID);
305
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   276
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   277
  /* Add any of the configurable privileges. */
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   278
  if (solaris_priv_flags & PRIV_USE_FILE_CHOWN)
707
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   279
    addset(ps, PRIV_FILE_CHOWN);
305
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   280
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   281
  if (solaris_priv_flags & PRIV_USE_FILE_CHOWN_SELF)
707
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   282
    addset(ps, PRIV_FILE_CHOWN_SELF);
305
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   283
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   284
  if (solaris_priv_flags & PRIV_USE_DAC_READ)
707
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   285
    addset(ps, PRIV_FILE_DAC_READ);
305
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   286
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   287
  if (solaris_priv_flags & PRIV_USE_DAC_WRITE)
707
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   288
    addset(ps, PRIV_FILE_DAC_WRITE);
305
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   289
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   290
  if (solaris_priv_flags & PRIV_USE_DAC_SEARCH)
707
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   291
    addset(ps, PRIV_FILE_DAC_SEARCH);
305
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   292
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   293
  if (solaris_priv_flags & PRIV_USE_FILE_OWNER)
707
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   294
    addset(ps, PRIV_FILE_OWNER);
305
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   295
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   296
  if (solaris_priv_flags & PRIV_DROP_FILE_WRITE)
707
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   297
    delset(ps, PRIV_FILE_WRITE);
305
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   298
707
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   299
  _setppriv(PRIV_SET, PRIV_PERMITTED, ps);
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   300
  _setppriv(PRIV_SET, PRIV_EFFECTIVE, ps);
305
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   301
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   302
  if (setreuid(session.uid, session.uid) == -1) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   303
    pr_log_pri(PR_LOG_ERR, MOD_SOLARIS_PRIV_VERSION ": setreuid: %s",
619
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   304
      strerror(errno));
305
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   305
    pr_signals_unblock();
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   306
    end_login(1);
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   307
  }
619
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   308
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   309
  if (!(solaris_priv_flags & PRIV_USE_SETID)) {
707
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   310
    delset(ps, PRIV_PROC_SETID);
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   311
    _setppriv(PRIV_SET, PRIV_PERMITTED, ps);
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   312
    _setppriv(PRIV_SET, PRIV_EFFECTIVE, ps);
619
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   313
  }
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   314
707
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   315
  priv_freeset(ps);
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   316
305
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   317
  pr_signals_unblock();
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   318
707
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   319
  /* That's it!  Disable all further id switching */
5953149bd743 7130322 proftpd in the default configuration does not have required privileges
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 619
diff changeset
   320
  session.disable_id_switching = TRUE;
305
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   321
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   322
  return PR_DECLINED(cmd);
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   323
}
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   324
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   325
/* Initialization routines
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   326
 */
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   327
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   328
static int solaris_priv_sess_init(void) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   329
  /* Check to see if the lowering of capabilities has been disabled in the
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   330
   * configuration file.
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   331
   */
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   332
  if (use_privs) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   333
    unsigned char *solaris_priv_engine;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   334
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   335
    solaris_priv_engine = get_param_ptr(main_server->conf, "PrivilegeEngine", FALSE);
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   336
    if (solaris_priv_engine &&
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   337
        *solaris_priv_engine == FALSE) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   338
      pr_log_debug(DEBUG3, MOD_SOLARIS_PRIV_VERSION
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   339
        ": lowering of capabilities disabled");
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   340
      use_privs = FALSE;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   341
    }
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   342
  }
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   343
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   344
  /* Check for which specific capabilities to include/exclude. */
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   345
  if (use_privs) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   346
    int use_setuid = FALSE;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   347
    config_rec *c;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   348
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   349
    c = find_config(main_server->conf, CONF_PARAM, "PrivilegeSet", FALSE);
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   350
    if (c != NULL) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   351
      solaris_priv_flags = *((unsigned int *) c->argv[0]);
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   352
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   353
      if (!(solaris_priv_flags & PRIV_USE_FILE_CHOWN)) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   354
        pr_log_debug(DEBUG3, MOD_SOLARIS_PRIV_VERSION
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   355
          ": removing PRIV_CHOWN privilege");
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   356
      }
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   357
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   358
      if (solaris_priv_flags & PRIV_USE_DAC_READ) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   359
        pr_log_debug(DEBUG3, MOD_SOLARIS_PRIV_VERSION
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   360
          ": adding PRIV_FILE_DAC_READ privilege"); 
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   361
      }
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   362
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   363
      if (solaris_priv_flags & PRIV_USE_DAC_WRITE) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   364
        pr_log_debug(DEBUG3, MOD_SOLARIS_PRIV_VERSION
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   365
          ": adding PRIV_FILE_DAC_WRITE privilege"); 
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   366
      }
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   367
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   368
      if (solaris_priv_flags & PRIV_USE_DAC_SEARCH) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   369
        pr_log_debug(DEBUG3, MOD_SOLARIS_PRIV_VERSION
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   370
          ": adding PRIV_DAC_SEARCH privilege");
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   371
      }
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   372
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   373
      if (solaris_priv_flags & PRIV_USE_FILE_OWNER) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   374
        pr_log_debug(DEBUG3, MOD_SOLARIS_PRIV_VERSION
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   375
          ": adding PRIV_FILE_OWNER privilege");
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   376
      }
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   377
    }
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   378
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   379
    c = find_config(main_server->conf, CONF_PARAM, "AllowOverwrite", FALSE);
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   380
    if (c && *((int *) c->argv[0]) == FALSE) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   381
        pr_log_debug(DEBUG3, MOD_SOLARIS_PRIV_VERSION
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   382
          ": removing PRIV_FILE_WRITE basic privilege");
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   383
        solaris_priv_flags |= PRIV_DROP_FILE_WRITE;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   384
    }
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   385
	    
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   386
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   387
    /* We also need to check for things which want to revoke root privs
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   388
     * altogether: mod_exec, mod_sftp, and the RootRevoke directive.
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   389
     * Revoking root privs completely requires the SETUID/SETGID
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   390
     * capabilities.
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   391
     */
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   392
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   393
    if (use_setuid == FALSE &&
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   394
        pr_module_exists("mod_sftp.c")) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   395
      c = find_config(main_server->conf, CONF_PARAM, "SFTPEngine", FALSE);
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   396
      if (c &&
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   397
          *((int *) c->argv[0]) == TRUE) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   398
        use_setuid = TRUE;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   399
      }
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   400
    }
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   401
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   402
    if (use_setuid == FALSE &&
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   403
        pr_module_exists("mod_exec.c")) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   404
      c = find_config(main_server->conf, CONF_PARAM, "ExecEngine", FALSE);
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   405
      if (c &&
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   406
          *((unsigned char *) c->argv[0]) == TRUE) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   407
        use_setuid = TRUE;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   408
      }
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   409
    }
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   410
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   411
    if (use_setuid == FALSE) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   412
      c = find_config(main_server->conf, CONF_PARAM, "RootRevoke", FALSE);
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   413
      if (c &&
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   414
          *((unsigned char *) c->argv[0]) == TRUE) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   415
        use_setuid = TRUE;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   416
      }
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   417
    }
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   418
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   419
    if (use_setuid) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   420
      solaris_priv_flags |= PRIV_USE_SETID;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   421
      pr_log_debug(DEBUG3, MOD_SOLARIS_PRIV_VERSION
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   422
        ": adding PRIV_SETID ");
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   423
    }
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   424
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   425
  }
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   426
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   427
  return 0;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   428
}
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   429
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   430
static int solaris_priv_module_init(void) {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   431
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   432
  return 0;
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   433
}
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   434
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   435
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   436
/* Module API tables
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   437
 */
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   438
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   439
static conftable solaris_priv_conftab[] = {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   440
  { "PrivilegeEngine", set_solaris_priv_engine, NULL },
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   441
  { "PrivilegeSet",    set_solaris_priv,        NULL },
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   442
  { NULL, NULL, NULL }
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   443
};
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   444
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   445
static cmdtable solaris_priv_cmdtab[] = {
619
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   446
  { PRE_CMD, C_ADAT, G_NONE, solaris_priv_pre_adat, FALSE, FALSE },
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   447
  { POST_CMD, C_ADAT, G_NONE, solaris_priv_post_adat, FALSE, FALSE },
7e9d43a6a553 7087047 proftpd should support standard Kerberos client configuration
tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com>
parents: 601
diff changeset
   448
  { PRE_CMD, C_PASS, G_NONE, solaris_priv_pre_pass, FALSE, FALSE },
305
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   449
  { POST_CMD, C_PASS, G_NONE, solaris_priv_post_pass, FALSE, FALSE },
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   450
  { 0, NULL }
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   451
};
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   452
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   453
module solaris_priv_module = {
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   454
  NULL, NULL,
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   455
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   456
  /* Module API version */
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   457
  0x20,
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   458
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   459
  /* Module name */
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   460
  "cap",
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   461
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   462
  /* Module configuration handler table */
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   463
  solaris_priv_conftab,
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   464
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   465
  /* Module command handler table */
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   466
  solaris_priv_cmdtab,
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   467
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   468
  /* Module authentication handler table */
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   469
  NULL,
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   470
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   471
  /* Module initialization */
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   472
  solaris_priv_module_init,
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   473
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   474
  /* Session initialization */
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   475
  solaris_priv_sess_init,
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   476
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   477
  /* Module version */
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   478
  MOD_SOLARIS_PRIV_VERSION
e95b65443448 PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
Milan Jurik <Milan.Jurik@oracle.com>
parents:
diff changeset
   479
};