1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
|
/*
Copyright (C) 2000-2025 Free Software Foundation, Inc.
This file is part of GNU Inetutils.
GNU Inetutils is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or (at
your option) any later version.
GNU Inetutils is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see `http://www.gnu.org/licenses/'. */
#include <config.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <syslog.h>
#include <attribute.h>
#include "extern.h"
#ifdef HAVE_SECURITY_PAM_APPL_H
# include <security/pam_appl.h>
#endif
/*
* Mechanisms and prerequisites.
*
* The original code was tailored to rely on the side-effects
* of the Linux-PAM module `pam_ftp.so', with its peculiarities:
*
* 1. If PAM_USER is `ftp' or `anonymous', fetch PAM_AUTHTOK
* and split it at `@' into PAM_RUSER and PAM_RHOST.
* Return with success and set PAM_USER to `ftp'.
*
* 2. For other values of PAM_USER, keep the gotten PAM_AUTHTOK
* unchanged, and fail.
*
* This module `pam_ftp.so' does not exist in OpenPAM, nor in
* Solaris-PAM. Thus portability requires some care.
*/
/* June 3rd, 2012:
* The draft of A.G Morgan on behalf of the the Open-PAM
* working group has clearly not been able to get the
* additions PAM_INCOMPLETE and PAM_CONV_AGAIN accepted
* sufficiently well in order that the present code should
* force them upon BSD and Solaris. They are thus protected
* by preprocessor conditionals for the time being.
*/
#ifdef WITH_PAM
/* PAM authentication, now using the PAM's async feature. */
static pam_handle_t *pamh;
static int PAM_conv (int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr);
static struct pam_conv PAM_conversation = { &PAM_conv, NULL };
static int
PAM_conv (int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr)
{
struct pam_response *repl = NULL;
int retval, count = 0, replies = 0;
int size = sizeof (struct pam_response);
struct credentials *pcred = (struct credentials *) appdata_ptr;
# define GET_MEM \
if (!(repl = realloc (repl, size))) \
return PAM_BUF_ERR; \
size += sizeof (struct pam_response)
retval = PAM_SUCCESS;
for (count = 0; count < num_msg; count++)
{
int savemsg = 0;
switch (msg[count]->msg_style)
{
case PAM_PROMPT_ECHO_ON:
GET_MEM;
repl[replies].resp_retcode = PAM_SUCCESS;
repl[replies].resp = sgetsave (pcred->name);
replies++;
break;
case PAM_PROMPT_ECHO_OFF:
GET_MEM;
if (pcred->pass == NULL)
{
savemsg = 1;
# ifdef PAM_CONV_AGAIN
retval = PAM_CONV_AGAIN; /* Linux-PAM */
# elif !defined WITH_LINUX_PAM
/*
* Simulate PAM_CONV_AGAIN.
* The alternate value PAM_TRY_AGAIN is not
* an expected return value here, so it will
* leave an audit trail. */
retval = PAM_CRED_INSUFFICIENT;
# else/* !PAM_CONV_AGAIN && !WITH_LINUX_PAM */
retval = PAM_CONV_ERR;
# endif
}
else
{
repl[replies].resp_retcode = PAM_SUCCESS;
repl[replies].resp = sgetsave (pcred->pass);
replies++;
}
break;
case PAM_TEXT_INFO:
savemsg = 1;
break;
case PAM_ERROR_MSG:
default:
/* Must be an error of some sort... */
savemsg = 1;
retval = PAM_CONV_ERR;
}
if (savemsg)
{
/* FIXME: This is a serious problem. If the PAM message
is multilines, the reply _must_ be formatted correctly.
The way to do this would be to consider \n as a boundary then
in the ftpd.c:user() or ftpd.c:pass() check for it and send
a lreply(). But I'm not sure the RFCs allow mutilines replies
for a passwd challenge. Many clients will simply break. */
/* XXX: Attempted solution; collect all messages, appended
* one after the other, separated by "\n". Then print all
* of them in one single run. This will circumvent the hard
* coded protocol convention of not allowing continuation
* massage to carry a deviating reply code relative to the
* final message.
*/
if (pcred->message) /* XXX: make sure we split newlines correctly */
{
size_t len = strlen (pcred->message);
char *s = realloc (pcred->message, len
+ strlen (msg[count]->msg) + 2);
if (s == NULL)
{
free (pcred->message);
pcred->message = NULL;
}
else
{
pcred->message = s;
strcat (pcred->message, "\n");
strcat (pcred->message, msg[count]->msg);
}
}
else
pcred->message = sgetsave (msg[count]->msg);
if (pcred->message == NULL)
retval = PAM_CONV_ERR;
else
{
char *sp;
/* Remove trailing space only. */
sp = pcred->message + strlen (pcred->message);
while (sp > pcred->message && strchr (" \t\n", *--sp))
*sp = '\0';
}
}
/* In case of error, drop responses and return */
if (retval)
{
/* FIXME: drop_reply is not standard, need to clean this. */
//_pam_drop_reply (repl, replies);
free (repl);
return retval;
}
}
if (repl)
*resp = repl;
return PAM_SUCCESS;
}
/* Non-zero return status means failure. */
static int
pam_doit (struct credentials *pcred)
{
char *username;
int error;
error = pam_authenticate (pamh, 0);
/* Probably being called with empty passwd. */
if (0
# ifdef PAM_CONV_AGAIN
|| error == PAM_CONV_AGAIN
# endif
# ifdef PAM_INCOMPLETE
|| error == PAM_INCOMPLETE
# endif
# ifndef WITH_LINUX_PAM
/*
* In absence of `pam_ftp.so', catch the simulated,
* incomplete state reported by our PAM_conv().
*/
|| (error == PAM_CRED_INSUFFICIENT && pcred->pass == NULL)
# endif/* !WITH_LINUX_PAM */
)
{
/* Avoid overly terse passwd messages and let the people
upstairs do something sane. */
if (pcred->message && !strcasecmp (pcred->message, "password:"))
{
free (pcred->message);
pcred->message = NULL;
}
return PAM_SUCCESS;
}
if (error == PAM_SUCCESS) /* Alright, we got it */
{
error = pam_acct_mgmt (pamh, 0);
if (error == PAM_SUCCESS)
error = pam_setcred (pamh, PAM_ESTABLISH_CRED);
if (error == PAM_SUCCESS)
error = pam_open_session (pamh, 0);
if (error == PAM_SUCCESS)
error = pam_get_item (pamh, PAM_USER, (const void **) &username);
if (error == PAM_SUCCESS)
{
if (sgetcred (username, pcred) != 0)
error = PAM_AUTH_ERR;
else
{
if (strcasecmp (username, "ftp") == 0)
pcred->guest = 1;
}
}
}
if (error != PAM_SUCCESS)
{
pam_end (pamh, error);
pamh = NULL;
}
return (error != PAM_SUCCESS);
}
# define TTY_FORMAT "/dev/ftp%d"
/* Non-zero return means failure. */
int
pam_user (const char *username, struct credentials *pcred)
{
int error;
char tty_name[strlen (TTY_FORMAT) + strlen ("9999999")];
if (pamh != NULL)
{
pam_end (pamh, PAM_ABORT);
pamh = NULL;
}
free (pcred->name);
pcred->name = strdup (username);
free (pcred->message);
pcred->message = NULL;
(void) snprintf (tty_name, sizeof (tty_name), TTY_FORMAT, (int) getpid ());
/* Arrange our creditive. */
PAM_conversation.appdata_ptr = (void *) pcred;
error = pam_start ("ftp", pcred->name, &PAM_conversation, &pamh);
if (error == PAM_SUCCESS)
error = pam_set_item (pamh, PAM_RHOST, pcred->remotehost);
if (error == PAM_SUCCESS)
error = pam_set_item (pamh, PAM_TTY, tty_name);
if (error != PAM_SUCCESS)
{
pam_end (pamh, error);
pamh = 0;
}
if (pamh)
error = pam_doit (pcred);
return (error != PAM_SUCCESS);
}
/* Nonzero value return for error. */
int
pam_pass (const char *passwd, struct credentials *pcred)
{
int error = PAM_AUTH_ERR;
if (pamh)
{
pcred->pass = (char *) passwd;
error = pam_doit (pcred);
pcred->pass = NULL;
}
return error != PAM_SUCCESS;
}
void
pam_end_login (struct credentials *pcred MAYBE_UNUSED)
{
int error;
if (pamh)
{
error = pam_close_session (pamh, PAM_SILENT);
if (logging && error != PAM_SUCCESS)
syslog (LOG_ERR, "pam_session: %s", pam_strerror (pamh, error));
error = pam_setcred (pamh, PAM_SILENT | PAM_DELETE_CRED);
if (logging && error != PAM_SUCCESS)
syslog (LOG_ERR, "pam_setcred: %s", pam_strerror (pamh, error));
error = pam_end (pamh, error);
if (logging && error != PAM_SUCCESS)
syslog (LOG_ERR, "pam_end: %s", pam_strerror (pamh, error));
pamh = NULL;
}
}
#endif /* WITH_PAM */
|
