2 * ProFTPD: mod_tcpd -- use TCPD library for access control
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
18 * -- DO NOT MODIFY THE TWO LINES BELOW --
/*
 * Severity levels consulted by libwrap's logging. <tcpd.h> declares both as
 * extern, so the program has to define them under exactly these names.
 * handle_request() overwrites them on every call from the
 * HostsAllowSyslogLevel / HostsDenySyslogLevel settings.
 */
29 int allow_severity = LOG_INFO;
30 int deny_severity = LOG_WARNING;
33 * -------------------------------------------------------------------------
34 * Configuration Handlers
35 * -------------------------------------------------------------------------
/*
 * set_tcpd: configuration handler for the "UseTCPD" directive.
 *
 * Accepts the directive in server-root, <VirtualHost> and <Global> context
 * (CHECK_CONF below), parses argument 1 as a boolean and stores it under the
 * key "UseTCPD". handle_request() reads that key to decide whether the
 * TCP-wrappers check runs at all, so this directive is the on/off switch for
 * the module's access control.
 *
 * NOTE(review): this listing omits several source lines of the function (the
 * declaration of b and whatever follows add_config_param() are not shown).
 */
38 MODRET set_tcpd(cmd_rec * cmd)
43 CHECK_CONF(cmd, CONF_ROOT | CONF_VIRTUAL | CONF_GLOBAL);
/* get_boolean() returning -1 is treated as "argument is not a boolean". */
45 if ((b = get_boolean(cmd, 1)) == -1)
46 CONF_ERROR(cmd, "expected boolean argument.");
/* The value itself is cast to void * and stored, not a pointer to it. */
48 add_config_param("UseTCPD", 1, (void *) b);
/*
 * set_tcpd_service: configuration handler for the "TCPDServiceName" directive.
 *
 * Stores argument 1 as a string under "TCPDServiceName". handle_request()
 * passes that string to request_init() as RQ_DAEMON, i.e. it is the daemon
 * name that hosts.allow / hosts.deny entries are matched against. Rules keyed
 * to a different daemon name (other than wildcards such as ALL) will not
 * match this server, so the directive and the access files must agree.
 *
 * NOTE(review): cmd->argv[1] is read with no argument-count check visible in
 * this listing (source lines 54-57 are not shown) -- confirm one precedes
 * the CHECK_CONF call.
 */
53 MODRET set_tcpd_service(cmd_rec * cmd)
58 CHECK_CONF(cmd, CONF_ROOT | CONF_VIRTUAL | CONF_GLOBAL);
60 service_name = cmd->argv[1];
62 add_config_param_str("TCPDServiceName", 1, (void *) service_name);
68 * These two functions are copied, almost verbatim, from the set_sysloglevel()
69 * function in modules/mod_core.c. I hereby cite the source for this code
70 * as MacGuyver <macguyver@tos.net>. =)
/*
 * set_allow_syslog_level: configuration handler for "HostsAllowSyslogLevel".
 *
 * Accepts the directive in server-root, <VirtualHost> and <Anonymous> context
 * (note: not <Global>, unlike UseTCPD and TCPDServiceName). Argument 1 is
 * compared case-insensitively against the syslog level keywords and the
 * matching PR_LOG_* constant is stored under "HostsAllowSyslogLevel"; the
 * value is cast to void * and stored directly. Any other keyword ends in the
 * CONF_ERROR at the bottom.
 *
 * NOTE(review): cmd->argv[1] is read with no argument-count check visible in
 * this listing (source lines 74-75 are not shown) -- confirm one is present.
 */
73 MODRET set_allow_syslog_level(cmd_rec * cmd)
76 CHECK_CONF(cmd, CONF_ROOT | CONF_VIRTUAL | CONF_ANON);
78 if (!strcasecmp(cmd->argv[1], "emerg")) {
79 add_config_param("HostsAllowSyslogLevel", 1,
80 (void *) PR_LOG_EMERG);
82 } else if (!strcasecmp(cmd->argv[1], "alert")) {
83 add_config_param("HostsAllowSyslogLevel", 1,
84 (void *) PR_LOG_ALERT);
86 } else if (!strcasecmp(cmd->argv[1], "crit")) {
87 add_config_param("HostsAllowSyslogLevel", 1,
88 (void *) PR_LOG_CRIT);
90 } else if (!strcasecmp(cmd->argv[1], "error")) {
91 add_config_param("HostsAllowSyslogLevel", 1,
/* NOTE(review): the value line for "error" (source line 92) is missing from
 * this listing; set_deny_syslog_level() uses PR_LOG_ERR for the same keyword. */
94 } else if (!strcasecmp(cmd->argv[1], "warn")) {
95 add_config_param("HostsAllowSyslogLevel", 1,
96 (void *) PR_LOG_WARNING);
98 } else if (!strcasecmp(cmd->argv[1], "notice")) {
99 add_config_param("HostsAllowSyslogLevel", 1,
100 (void *) PR_LOG_NOTICE);
102 } else if (!strcasecmp(cmd->argv[1], "info")) {
103 add_config_param("HostsAllowSyslogLevel", 1,
104 (void *) PR_LOG_INFO);
106 } else if (!strcasecmp(cmd->argv[1], "debug")) {
107 add_config_param("HostsAllowSyslogLevel", 1,
108 (void *) PR_LOG_DEBUG);
/* Reached for an unrecognised keyword: reject the directive with a usage hint. */
111 CONF_ERROR(cmd, "HostsAllowSyslogLevel requires level keyword: "
112 "one of emerg/alert/crit/error/warn/notice/info/debug");
/*
 * set_deny_syslog_level: configuration handler for "HostsDenySyslogLevel".
 *
 * Same structure as set_allow_syslog_level(): accepted in server-root,
 * <VirtualHost> and <Anonymous> context, argument 1 is matched
 * case-insensitively against the syslog level keywords and the matching
 * PR_LOG_* constant is stored under "HostsDenySyslogLevel". handle_request()
 * loads this value into deny_severity, the level used when a connection is
 * refused, so setting it too low (e.g. debug) can hide refusals from the
 * logs operators actually watch.
 *
 * NOTE(review): cmd->argv[1] is read with no argument-count check visible in
 * this listing (source lines 119-120 are not shown) -- confirm one is present.
 */
118 MODRET set_deny_syslog_level(cmd_rec * cmd)
121 CHECK_CONF(cmd, CONF_ROOT | CONF_VIRTUAL | CONF_ANON);
123 if (!strcasecmp(cmd->argv[1], "emerg")) {
124 add_config_param("HostsDenySyslogLevel", 1,
125 (void *) PR_LOG_EMERG);
127 } else if (!strcasecmp(cmd->argv[1], "alert")) {
128 add_config_param("HostsDenySyslogLevel", 1,
129 (void *) PR_LOG_ALERT);
131 } else if (!strcasecmp(cmd->argv[1], "crit")) {
132 add_config_param("HostsDenySyslogLevel", 1,
133 (void *) PR_LOG_CRIT);
135 } else if (!strcasecmp(cmd->argv[1], "error")) {
136 add_config_param("HostsDenySyslogLevel", 1,
137 (void *) PR_LOG_ERR);
139 } else if (!strcasecmp(cmd->argv[1], "warn")) {
140 add_config_param("HostsDenySyslogLevel", 1,
141 (void *) PR_LOG_WARNING);
143 } else if (!strcasecmp(cmd->argv[1], "notice")) {
144 add_config_param("HostsDenySyslogLevel", 1,
145 (void *) PR_LOG_NOTICE);
147 } else if (!strcasecmp(cmd->argv[1], "info")) {
148 add_config_param("HostsDenySyslogLevel", 1,
149 (void *) PR_LOG_INFO);
151 } else if (!strcasecmp(cmd->argv[1], "debug")) {
152 add_config_param("HostsDenySyslogLevel", 1,
153 (void *) PR_LOG_DEBUG);
/* Reached for an unrecognised keyword: reject the directive with a usage hint. */
156 CONF_ERROR(cmd, "HostsDenySyslogLevel requires level keyword: "
157 "one of emerg/alert/crit/error/warn/notice/info/debug");
164 * -------------------------------------------------------------------------
166 * -------------------------------------------------------------------------
/*
 * handle_request: run the TCP-wrappers (libwrap) access check for the
 * current session.
 *
 * Flow, as far as this listing shows:
 *   1. If "UseTCPD" is explicitly 0, return DECLINED and skip the check.
 *   2. Load the allow/deny syslog severities and the daemon name from the
 *      configuration, with LOG_INFO / LOG_WARNING / "proftpd" as fallbacks.
 *   3. Build a libwrap request from the control connection's descriptor and
 *      the client address, then call hosts_access().
 *   4. On refusal, queue a 550 reply; otherwise log the accepted connection.
 *
 * The handler is registered in tcpd_cmdtab as a PRE_CMD hook on PASS, so the
 * decision is made when the client sends PASS, not when it connects.
 *
 * NOTE(review): many source lines of this function are missing from the
 * listing (the tests that select the fallbacks, the tail of the
 * request_init() call, everything between the 550 reply and the allow-log,
 * and the return statements). The comments below describe only what is
 * visible.
 */
169 MODRET handle_request(cmd_rec * cmd)
171 struct request_info request;
175 * If we haven't been explicitly disabled, enable us by default.
/* Only an explicit 0 turns the check off; this key is read from
 * TOPLEVEL_CONF, whereas the settings below are read from CURRENT_CONF. */
177 if(get_param_int(TOPLEVEL_CONF, "UseTCPD", FALSE) == 0)
178 return DECLINED(cmd);
/* Both assignments write the libwrap globals allow_severity/deny_severity;
 * the comparison that triggers each fallback is on a line not shown here. */
180 if ((allow_severity = get_param_int(CURRENT_CONF, "HostsAllowSyslogLevel",
182 allow_severity = LOG_INFO;
184 if ((deny_severity = get_param_int(CURRENT_CONF, "HostsDenySyslogLevel",
186 deny_severity = LOG_WARNING;
/* Daemon name used to select hosts.allow / hosts.deny rules. */
188 if ((service_name = (char *)get_param_ptr(CURRENT_CONF, "TCPDServiceName",
190 service_name = "proftpd";
/* Key/value argument list for libwrap; the remaining pairs and the
 * terminator are on source lines 195-198, which are not shown. */
192 request_init(&request, RQ_DAEMON, service_name,
193 RQ_FILE, session.c->rfd,
194 RQ_CLIENT_SIN, session.c->remote_ipaddr,
/* hosts_access() returning 0 means the access files refuse this client.
 * The reply names the server's FQDN and admin contact to the refused,
 * still-unauthenticated client. */
199 if (!hosts_access(&request)) {
200 add_response_err(R_550,
201 "Unable to connect to %s: connection refused",
202 cmd->server->ServerFQDN);
203 add_response_err(R_DUP,
204 "Please contact %s for more information",
205 cmd->server->ServerAdmin);
212 * if request is allowable, return DECLINED (for engine to act as if this
213 * handler was never called, else ERROR (for engine to abort processing and
217 /* log the accepted connection */
/* NOTE(review): the next two calls are presumably alternatives selected by a
 * preprocessor conditional on the missing lines 218/220 -- confirm. The
 * client identity is passed as a %s argument, never as the format string. */
219 tcpd_allowlog(&request);
221 log_pri(allow_severity, "connect from %s", eval_client(&request));
/*
 * Directive table: maps each configuration directive name to the handler
 * defined above. The closing rows of the initializer are on source lines not
 * shown in this listing.
 */
227 static conftable tcpd_conftab[] = {
228 {"HostsAllowSyslogLevel", set_allow_syslog_level, NULL},
229 {"HostsDenySyslogLevel", set_deny_syslog_level, NULL},
230 {"UseTCPD", set_tcpd, NULL},
231 {"TCPDServiceName", set_tcpd_service, NULL},
/*
 * Command table: handle_request() is the only hook, attached as a PRE_CMD
 * handler for PASS. The wrappers decision is therefore taken when a client
 * sends PASS; nothing in this table refuses the connection itself, so a host
 * that hosts.deny rejects can still connect and issue earlier commands
 * before it is turned away. Pair this module with network-level filtering
 * if connections from denied hosts must not reach the daemon at all.
 */
235 static cmdtable tcpd_cmdtab[] = {
236 {PRE_CMD, C_PASS, G_NONE, handle_request, FALSE, FALSE},
240 module tcpd_module = {