- added ftpusers(5) man pages

[packages/proftpd.git] / proftpd-mod_tcpd.c

/*
 * ProFTPD: mod_tcpd -- use TCPD library for access control
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA.
 *
 * -- DO NOT MODIFY THE TWO LINES BELOW --
 * $Libraries: -lwrap$
 * $Id$
 *
 */

#include "conf.h"
#include "privs.h"
#include "tcpd.h"

#ifndef TCPD_ALLOW
int allow_severity = LOG_INFO;
int deny_severity = LOG_WARNING;
#endif
/*
 * -------------------------------------------------------------------------
 *   Configuration Handlers
 * -------------------------------------------------------------------------
 */

MODRET set_tcpd(cmd_rec * cmd)
{
        int b;

        CHECK_ARGS(cmd, 1);
        CHECK_CONF(cmd, CONF_ROOT | CONF_VIRTUAL | CONF_GLOBAL);

        if ((b = get_boolean(cmd, 1)) == -1)
                CONF_ERROR(cmd, "expected boolean argument.");

        add_config_param("UseTCPD", 1, (void *) b);

        return HANDLED(cmd);
}

MODRET set_tcpd_service(cmd_rec * cmd)
{
        char *service_name;

        CHECK_ARGS(cmd, 1);
        CHECK_CONF(cmd, CONF_ROOT | CONF_VIRTUAL | CONF_GLOBAL);

        service_name = cmd->argv[1];

        add_config_param_str("TCPDServiceName", 1, (void *) service_name);

        return HANDLED(cmd);
}

/*
 * These two functions are copied, almost verbatim, from the set_sysloglevel()
 * function in modules/mod_core.c.  I hereby cite the source for this code
 * as MacGuyver <macguyver@tos.net>. =)
 */

MODRET set_allow_syslog_level(cmd_rec * cmd)
{
        CHECK_ARGS(cmd, 1);
        CHECK_CONF(cmd, CONF_ROOT | CONF_VIRTUAL | CONF_ANON);

        if (!strcasecmp(cmd->argv[1], "emerg")) {
                add_config_param("HostsAllowSyslogLevel", 1,
                                 (void *) PR_LOG_EMERG);

        } else if (!strcasecmp(cmd->argv[1], "alert")) {
                add_config_param("HostsAllowSyslogLevel", 1,
                                 (void *) PR_LOG_ALERT);

        } else if (!strcasecmp(cmd->argv[1], "crit")) {
                add_config_param("HostsAllowSyslogLevel", 1,
                                 (void *) PR_LOG_CRIT);

        } else if (!strcasecmp(cmd->argv[1], "error")) {
                add_config_param("HostsAllowSyslogLevel", 1,
                                 (void *) PR_LOG_ERR);

        } else if (!strcasecmp(cmd->argv[1], "warn")) {
                add_config_param("HostsAllowSyslogLevel", 1,
                                 (void *) PR_LOG_WARNING);

        } else if (!strcasecmp(cmd->argv[1], "notice")) {
                add_config_param("HostsAllowSyslogLevel", 1,
                                 (void *) PR_LOG_NOTICE);

        } else if (!strcasecmp(cmd->argv[1], "info")) {
                add_config_param("HostsAllowSyslogLevel", 1,
                                 (void *) PR_LOG_INFO);

        } else if (!strcasecmp(cmd->argv[1], "debug")) {
                add_config_param("HostsAllowSyslogLevel", 1,
                                 (void *) PR_LOG_DEBUG);

        } else {
                CONF_ERROR(cmd, "HostsAllowSyslogLevel requires level keyword: "
                                "one of emerg/alert/crit/error/warn/notice/info/debug");
        }

        return HANDLED(cmd);
}

MODRET set_deny_syslog_level(cmd_rec * cmd)
{
        CHECK_ARGS(cmd, 1);
        CHECK_CONF(cmd, CONF_ROOT | CONF_VIRTUAL | CONF_ANON);

        if (!strcasecmp(cmd->argv[1], "emerg")) {
                add_config_param("HostsDenySyslogLevel", 1,
                                 (void *) PR_LOG_EMERG);

        } else if (!strcasecmp(cmd->argv[1], "alert")) {
                add_config_param("HostsDenySyslogLevel", 1,
                                 (void *) PR_LOG_ALERT);

        } else if (!strcasecmp(cmd->argv[1], "crit")) {
                add_config_param("HostsDenySyslogLevel", 1,
                                 (void *) PR_LOG_CRIT);

        } else if (!strcasecmp(cmd->argv[1], "error")) {
                add_config_param("HostsDenySyslogLevel", 1,
                                 (void *) PR_LOG_ERR);

        } else if (!strcasecmp(cmd->argv[1], "warn")) {
                add_config_param("HostsDenySyslogLevel", 1,
                                 (void *) PR_LOG_WARNING);

        } else if (!strcasecmp(cmd->argv[1], "notice")) {
                add_config_param("HostsDenySyslogLevel", 1,
                                 (void *) PR_LOG_NOTICE);

        } else if (!strcasecmp(cmd->argv[1], "info")) {
                add_config_param("HostsDenySyslogLevel", 1,
                                 (void *) PR_LOG_INFO);

        } else if (!strcasecmp(cmd->argv[1], "debug")) {
                add_config_param("HostsDenySyslogLevel", 1,
                                 (void *) PR_LOG_DEBUG);

        } else {
                CONF_ERROR(cmd, "HostsDenySyslogLevel requires level keyword: "
                                "one of emerg/alert/crit/error/warn/notice/info/debug");
        }

        return HANDLED(cmd);
}

/*
 * -------------------------------------------------------------------------
 *  Command Handlers
 * -------------------------------------------------------------------------
 */

MODRET handle_request(cmd_rec * cmd)
{
        struct request_info request;
        char *service_name;

        /*
         * If we haven't been explicitly disabled, enable us by default.
         */
        if(get_param_int(TOPLEVEL_CONF, "UseTCPD", FALSE) == 0)
                return DECLINED(cmd);

        if ((allow_severity = get_param_int(CURRENT_CONF, "HostsAllowSyslogLevel",
                                        FALSE)) == -1)
                allow_severity = LOG_INFO;

        if ((deny_severity = get_param_int(CURRENT_CONF, "HostsDenySyslogLevel",
                                        FALSE)) == -1)
                deny_severity = LOG_WARNING;

        if ((service_name = (char *)get_param_ptr(CURRENT_CONF, "TCPDServiceName",
                                        FALSE)) == NULL)
                service_name = "proftpd";

        request_init(&request, RQ_DAEMON, service_name,
                        RQ_FILE, session.c->rfd,
                        RQ_CLIENT_SIN, session.c->remote_ipaddr,
                        NULL);

        fromhost(&request);

        if (!hosts_access(&request)) {
                add_response_err(R_550,
                                 "Unable to connect to %s: connection refused",
                                 cmd->server->ServerFQDN);
                add_response_err(R_DUP,
                                 "Please contact %s for more information",
                                 cmd->server->ServerAdmin);
                refuse(&request);

                return ERROR(cmd);
        }

        /*
         * if request is allowable, return DECLINED (for engine to act as if this
         * handler was never called, else ERROR (for engine to abort processing and
         * deny request.
         */

        /* log the accepted connection */
#ifdef TCPD_ALLOW
        tcpd_allowlog(&request);
#else
        log_pri(allow_severity, "connect from %s", eval_client(&request));
#endif

        return HANDLED(cmd);
}

static conftable tcpd_conftab[] = {
        {"HostsAllowSyslogLevel", set_allow_syslog_level, NULL},
        {"HostsDenySyslogLevel", set_deny_syslog_level, NULL},
        {"UseTCPD", set_tcpd, NULL},
        {"TCPDServiceName", set_tcpd_service, NULL},
        {NULL}
};

static cmdtable tcpd_cmdtab[] = {
        {PRE_CMD, C_PASS, G_NONE, handle_request, FALSE, FALSE},
        {0, NULL}
};

module tcpd_module = {
        NULL,
        NULL,
        0x20,
        "tcpd",
        tcpd_conftab,
        tcpd_cmdtab,
        NULL,
        NULL,
        NULL
};