1*0Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
2*0Sstevel@tonic-gate 
3*0Sstevel@tonic-gate /****************************************************************************
4*0Sstevel@tonic-gate   Copyright (c) 1999,2000 WU-FTPD Development Group.
5*0Sstevel@tonic-gate   All rights reserved.
6*0Sstevel@tonic-gate 
7*0Sstevel@tonic-gate   Portions Copyright (c) 1980, 1985, 1988, 1989, 1990, 1991, 1993, 1994
8*0Sstevel@tonic-gate     The Regents of the University of California.
9*0Sstevel@tonic-gate   Portions Copyright (c) 1993, 1994 Washington University in Saint Louis.
10*0Sstevel@tonic-gate   Portions Copyright (c) 1996, 1998 Berkeley Software Design, Inc.
11*0Sstevel@tonic-gate   Portions Copyright (c) 1989 Massachusetts Institute of Technology.
12*0Sstevel@tonic-gate   Portions Copyright (c) 1998 Sendmail, Inc.
13*0Sstevel@tonic-gate   Portions Copyright (c) 1983, 1995, 1996, 1997 Eric P.  Allman.
14*0Sstevel@tonic-gate   Portions Copyright (c) 1997 by Stan Barber.
15*0Sstevel@tonic-gate   Portions Copyright (c) 1997 by Kent Landfield.
16*0Sstevel@tonic-gate   Portions Copyright (c) 1991, 1992, 1993, 1994, 1995, 1996, 1997
17*0Sstevel@tonic-gate     Free Software Foundation, Inc.
18*0Sstevel@tonic-gate 
19*0Sstevel@tonic-gate   Use and distribution of this software and its source code are governed
20*0Sstevel@tonic-gate   by the terms and conditions of the WU-FTPD Software License ("LICENSE").
21*0Sstevel@tonic-gate 
22*0Sstevel@tonic-gate   If you did not receive a copy of the license, it may be obtained online
23*0Sstevel@tonic-gate   at http://www.wu-ftpd.org/license.html.
24*0Sstevel@tonic-gate 
25*0Sstevel@tonic-gate   $Id: restrict.c,v 1.14 2000/07/01 18:17:39 wuftpd Exp $
26*0Sstevel@tonic-gate 
27*0Sstevel@tonic-gate ****************************************************************************/
28*0Sstevel@tonic-gate /*
29*0Sstevel@tonic-gate  * Contributed by Glenn Nielsen <glenn@more.net>
30*0Sstevel@tonic-gate  * Mon, 18 Jan 1999 20:04:07 -0600
31*0Sstevel@tonic-gate  */
32*0Sstevel@tonic-gate #include "config.h"
33*0Sstevel@tonic-gate 
34*0Sstevel@tonic-gate #include <sys/param.h>
35*0Sstevel@tonic-gate #include <stdlib.h>
36*0Sstevel@tonic-gate #include <string.h>
37*0Sstevel@tonic-gate #include <syslog.h>
38*0Sstevel@tonic-gate #include "proto.h"
39*0Sstevel@tonic-gate 
40*0Sstevel@tonic-gate #ifdef HAVE_GETCWD
41*0Sstevel@tonic-gate extern char *getcwd(char *, size_t);
42*0Sstevel@tonic-gate #else
43*0Sstevel@tonic-gate extern char *getwd(char *);
44*0Sstevel@tonic-gate #endif
45*0Sstevel@tonic-gate 
46*0Sstevel@tonic-gate #ifndef TRUE
47*0Sstevel@tonic-gate #define TRUE 1
48*0Sstevel@tonic-gate #define FALSE 0
49*0Sstevel@tonic-gate #endif
50*0Sstevel@tonic-gate 
51*0Sstevel@tonic-gate extern char *home;
52*0Sstevel@tonic-gate extern int restricted_user;
53*0Sstevel@tonic-gate 
54*0Sstevel@tonic-gate /*
55*0Sstevel@tonic-gate  * name is the function parameter
56*0Sstevel@tonic-gate  * home is a global string containing the user's home directory
57*0Sstevel@tonic-gate  *
58*0Sstevel@tonic-gate  * rhome is the resolved home directory
59*0Sstevel@tonic-gate  * rname is the resolved requested filename
60*0Sstevel@tonic-gate  * curwd is the current working directory
61*0Sstevel@tonic-gate  * path is name, possibly prepended by the current working directory
62*0Sstevel@tonic-gate  */
63*0Sstevel@tonic-gate 
/*
 * Check name against the account restriction and tell the client when the
 * request is refused.
 *
 * Returns 0 when test_restriction() allows the name.  Otherwise sends a
 * 550 reply and returns 1.
 */
int restrict_check(char *name)
{
    int denied = (test_restriction(name) != 0);

    if (denied)
        reply(550, "Permission denied on server.  You are restricted to your account.");

    return denied;
}
71*0Sstevel@tonic-gate 
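/*
 * Decide whether name lies outside a restricted user's home directory.
 *
 * Returns 0 when access is allowed: either the session is not restricted,
 * or the resolved name is the resolved home directory or a path beneath it.
 * Returns 1 when access must be denied.  Failures along the way (no working
 * directory, an over-long path, an empty resolved home) are treated as a
 * denial so that the check fails closed.
 */
int test_restriction(char *name)
{
    char rhome[MAXPATHLEN + 1], rname[MAXPATHLEN + 1], path[MAXPATHLEN + 1];
    size_t home_len;

    /* we're not in restrict mode so all access is OK */
    if (!restricted_user)
        return 0;

    /* a restricted session with no name to test is refused */
    if (name == NULL)
        return 1;

    /*
     * Get the resolved equivalent of the user's home directory.  The buffer
     * starts out empty so that a resolver which stores nothing is detected
     * below instead of leaving uninitialized stack bytes to be compared.
     * NOTE(review): fb_realpath()'s return value is still not examined here;
     * confirm its failure contract in proto.h and check it if it has one.
     */
    rhome[0] = '\0';
    fb_realpath(home, rhome);
    home_len = strlen(rhome);
    if (home_len == 0)
        return 1;	/* an empty prefix would match every path */

    path[0] = '\0';

    /* a relative path is specified, so resolve it w.r.t. current working directory */
    if (name[0] != '/') {
        char curwd[MAXPATHLEN + 1];

        /* determine current working directory */
#ifdef HAVE_GETCWD
        if (getcwd(curwd, MAXPATHLEN) == NULL)
            return 1;
#else
        /* getwd() takes no length; the bound below is checked after the fact */
        if (getwd(curwd) == NULL)
            return 1;
#endif

        /* room for curwd, the separator and the terminator */
        if (strlen(curwd) + 2 > sizeof(path))
            return 1;

        strcpy(path, curwd);
        strcat(path, "/");
    }

    if (strlen(path) + strlen(name) + 2 > sizeof(path))
        return 1;

    strcat(path, name);

    rname[0] = '\0';
    fb_realpath(path, rname);

    /* the trailing "/" must fit before it is appended */
    if (strlen(rname) + 2 > sizeof(rname))
        return 1;
    strcat(rname, "/");

    if (strncmp(rhome, rname, home_len) != 0)
        return 1;

    /*
     * A bare prefix match is not containment: with a home of "/home/bob" the
     * resolved name "/home/bobby/x/" shares the prefix but is a sibling
     * directory.  Require the match to end on a path-component boundary,
     * i.e. the home itself ends in '/' or the next character of rname is '/'.
     * strncmp() matched home_len non-NUL bytes, so rname[home_len] is inside
     * the string (at worst its terminator).
     */
    if (rhome[home_len - 1] != '/' && rname[home_len] != '/')
        return 1;

    return 0;
}				/* test_restriction */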
118*0Sstevel@tonic-gate 
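/*
 * Apply restrict_check() to every whitespace-separated entry in name.
 *
 * Returns 0 when every entry is allowed and 1 as soon as one entry is
 * refused or memory for the working copy cannot be obtained (a 550 reply is
 * sent in the out-of-memory case; restrict_check() is called for each entry).
 *
 * The caller's string is only read.  Each entry is copied out by length
 * rather than by temporarily writing a terminator into name, so a tab or
 * newline separator is no longer rewritten to a space on the way out.
 * Adjacent separators still produce an empty entry, which is passed to
 * restrict_check() like any other.
 */
int restrict_list_check(char *name)
{
    char *beg = name;

    while (*beg != '\0') {
        char *end = beg;
        char *copy;
        size_t len;
        int denied;

        /* cast: passing a negative char to isspace() is undefined */
        while (*end != '\0' && !isspace((unsigned char) *end))
            ++end;
        len = (size_t) (end - beg);

        copy = malloc(len + 1);
        if (copy == NULL) {
            reply(550, "Permission denied on server.  Out of memory.");
            return 1;
        }
        memcpy(copy, beg, len);
        copy[len] = '\0';

        denied = restrict_check(copy);
        free(copy);
        if (denied)
            return 1;

        /* step over the single separator that ended this entry, if any */
        beg = end;
        if (*beg != '\0')
            ++beg;
    }				/* while */

    return 0;
}				/* restrict_list_check */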
160*0Sstevel@tonic-gate 
161*0Sstevel@tonic-gate /*
162*0Sstevel@tonic-gate  * $Log: restrict.c,v $
163*0Sstevel@tonic-gate  * Revision 1.14  2000/07/01 18:17:39  wuftpd
164*0Sstevel@tonic-gate  *
165*0Sstevel@tonic-gate  * Updated copyright statement for the WU-FTPD Development Group.
166*0Sstevel@tonic-gate  *
167*0Sstevel@tonic-gate  * Revision 1.13  1999/10/08 03:42:12  wuftpd
168*0Sstevel@tonic-gate  * Fixed a bug in restrict_check which could allow access outside the users home
169*0Sstevel@tonic-gate  *
170*0Sstevel@tonic-gate  * Revision 1.12  1999/09/05 02:31:50  wuftpd
171*0Sstevel@tonic-gate  * Add virtual and defaultserver support for email notification
172*0Sstevel@tonic-gate  *
173*0Sstevel@tonic-gate  * Revision 1.11  1999/09/02 19:35:48  wuftpd
174*0Sstevel@tonic-gate  * CDUP was leaking information about restrictions.
175*0Sstevel@tonic-gate  *
176*0Sstevel@tonic-gate  * Revision 1.10  1999/09/02 14:04:29  wuftpd
177*0Sstevel@tonic-gate  * Cleaning up.  Indented and removed some STDC checks
178*0Sstevel@tonic-gate  *
179*0Sstevel@tonic-gate  * Revision 1.9  1999/08/24 23:41:39  wuftpd
180*0Sstevel@tonic-gate  * wu-ftpd-2.4.x RCS Ids removed and new Ids added for wu-ftpd.org usage.
181*0Sstevel@tonic-gate  * WU-FTPD Development Group copyright headers added.
182*0Sstevel@tonic-gate  * Original Copyright headers moved into the COPYRIGHT file.
183*0Sstevel@tonic-gate  * COPYPRIGHT.c added to build for ftpshut and ftpd.
184*0Sstevel@tonic-gate  *
185*0Sstevel@tonic-gate  * Revision 1.2  1996/02/20 04:54:04  root
186*0Sstevel@tonic-gate  * added #define to make gcc use HAVE_GETCWD
187*0Sstevel@tonic-gate  *
188*0Sstevel@tonic-gate  * Revision 1.1  1996/02/20 03:52:48  root
189*0Sstevel@tonic-gate  * Initial revision
190*0Sstevel@tonic-gate  *
191*0Sstevel@tonic-gate  */