release/src-rt-6.x.4708/router/vsftpd/parseconf.c

   1 /*
   2  * Part of Very Secure FTPd
   3  * Licence: GPL v2
   4  * Author: Chris Evans
   5  * parseconf.c
   6  *
   7  * Routines and support to load in a file full of tunable variables and
   8  * settings, populating corresponding runtime variables.
   9  */
  10
  11 #include "parseconf.h"
  12 #include "tunables.h"
  13 #include "str.h"
  14 #include "filestr.h"
  15 #include "defs.h"
  16 #include "sysutil.h"
  17 #include "utility.h"
  18
  19 static const char* s_p_saved_filename;
  20
  21 /* Tables mapping setting names to runtime variables */
  22 /* Boolean settings */
  23 static struct parseconf_bool_setting
  24 {
  25   const char* p_setting_name;
  26   int* p_variable;
  27 }
  28 parseconf_bool_array[] =
  29 {
  30   { "anonymous_enable", &tunable_anonymous_enable },
  31   { "local_enable", &tunable_local_enable },
  32   { "pasv_enable", &tunable_pasv_enable },
  33   { "port_enable", &tunable_port_enable },
  34   { "chroot_local_user", &tunable_chroot_local_user },
  35   { "write_enable", &tunable_write_enable },
  36   { "anon_upload_enable", &tunable_anon_upload_enable },
  37   { "anon_mkdir_write_enable", &tunable_anon_mkdir_write_enable },
  38   { "anon_other_write_enable", &tunable_anon_other_write_enable },
  39   { "anon_allow_writable_root", &tunable_anon_allow_writable_root },
  40   { "chown_uploads", &tunable_chown_uploads },
  41   { "connect_from_port_20", &tunable_connect_from_port_20 },
  42   { "xferlog_enable", &tunable_xferlog_enable },
  43   { "dirmessage_enable", &tunable_dirmessage_enable },
  44   { "anon_world_readable_only", &tunable_anon_world_readable_only },
  45   { "async_abor_enable", &tunable_async_abor_enable },
  46   { "ascii_upload_enable", &tunable_ascii_upload_enable },
  47   { "ascii_download_enable", &tunable_ascii_download_enable },
  48   { "one_process_model", &tunable_one_process_model },
  49   { "xferlog_std_format", &tunable_xferlog_std_format },
  50   { "pasv_promiscuous", &tunable_pasv_promiscuous },
  51   { "deny_email_enable", &tunable_deny_email_enable },
  52   { "chroot_list_enable", &tunable_chroot_list_enable },
  53   { "setproctitle_enable", &tunable_setproctitle_enable },
  54   { "text_userdb_names", &tunable_text_userdb_names },
  55   { "ls_recurse_enable", &tunable_ls_recurse_enable },
  56   { "log_ftp_protocol", &tunable_log_ftp_protocol },
  57   { "guest_enable", &tunable_guest_enable },
  58   { "userlist_enable", &tunable_userlist_enable },
  59   { "userlist_deny", &tunable_userlist_deny },
  60   { "use_localtime", &tunable_use_localtime },
  61   { "check_shell", &tunable_check_shell },
  62   { "hide_ids", &tunable_hide_ids },
  63   { "listen", &tunable_listen },
  64   { "port_promiscuous", &tunable_port_promiscuous },
  65   { "passwd_chroot_enable", &tunable_passwd_chroot_enable },
  66   { "no_anon_password", &tunable_no_anon_password },
  67   { "tcp_wrappers", &tunable_tcp_wrappers },
  68   { "use_sendfile", &tunable_use_sendfile },
  69   { "force_dot_files", &tunable_force_dot_files },
  70   { "listen_ipv6", &tunable_listen_ipv6 },
  71   { "dual_log_enable", &tunable_dual_log_enable },
  72   { "syslog_enable", &tunable_syslog_enable },
  73   { "background", &tunable_background },
  74   { "virtual_use_local_privs", &tunable_virtual_use_local_privs },
  75   { "session_support", &tunable_session_support },
  76   { "download_enable", &tunable_download_enable },
  77   { "dirlist_enable", &tunable_dirlist_enable },
  78   { "chmod_enable", &tunable_chmod_enable },
  79   { "secure_email_list_enable", &tunable_secure_email_list_enable },
  80   { "run_as_launching_user", &tunable_run_as_launching_user },
  81   { "no_log_lock", &tunable_no_log_lock },
  82   { "ssl_enable", &tunable_ssl_enable },
  83   { "allow_anon_ssl", &tunable_allow_anon_ssl },
  84   { "force_local_logins_ssl", &tunable_force_local_logins_ssl },
  85   { "force_local_data_ssl", &tunable_force_local_data_ssl },
  86   { "ssl_sslv2", &tunable_sslv2 },
  87   { "ssl_sslv3", &tunable_sslv3 },
  88   { "ssl_tlsv1", &tunable_tlsv1 },
  89   { "tilde_user_enable", &tunable_tilde_user_enable },
  90   { "force_anon_logins_ssl", &tunable_force_anon_logins_ssl },
  91   { "force_anon_data_ssl", &tunable_force_anon_data_ssl },
  92   { "mdtm_write", &tunable_mdtm_write },
  93   { "lock_upload_files", &tunable_lock_upload_files },
  94   { "pasv_addr_resolve", &tunable_pasv_addr_resolve },
  95   { "debug_ssl", &tunable_debug_ssl },
  96   { "require_cert", &tunable_require_cert },
  97   { "validate_cert", &tunable_validate_cert },
  98   { "strict_ssl_read_eof", &tunable_strict_ssl_read_eof },
  99   { "strict_ssl_write_shutdown", &tunable_strict_ssl_write_shutdown },
 100   { "ssl_request_cert", &tunable_ssl_request_cert },
 101   { "delete_failed_uploads", &tunable_delete_failed_uploads },
 102   { "implicit_ssl", &tunable_implicit_ssl },
 103   { "sandbox", &tunable_sandbox },
 104   { "require_ssl_reuse", &tunable_require_ssl_reuse },
 105   { "isolate", &tunable_isolate },
 106   { "isolate_network", &tunable_isolate_network },
 107   { "ftp_enable", &tunable_ftp_enable },
 108   { "http_enable", &tunable_http_enable },
 109   { 0, 0 }
 110 };
 111
 112 static struct parseconf_uint_setting
 113 {
 114   const char* p_setting_name;
 115   unsigned int* p_variable;
 116 }
 117 parseconf_uint_array[] =
 118 {
 119   { "accept_timeout", &tunable_accept_timeout },
 120   { "connect_timeout", &tunable_connect_timeout },
 121   { "local_umask", &tunable_local_umask },
 122   { "anon_umask", &tunable_anon_umask },
 123   { "ftp_data_port", &tunable_ftp_data_port },
 124   { "idle_session_timeout", &tunable_idle_session_timeout },
 125   { "data_connection_timeout", &tunable_data_connection_timeout },
 126   { "pasv_min_port", &tunable_pasv_min_port },
 127   { "pasv_max_port", &tunable_pasv_max_port },
 128   { "anon_max_rate", &tunable_anon_max_rate },
 129   { "local_max_rate", &tunable_local_max_rate },
 130   { "listen_port", &tunable_listen_port },
 131   { "max_clients", &tunable_max_clients },
 132   { "file_open_mode", &tunable_file_open_mode },
 133   { "max_per_ip", &tunable_max_per_ip },
 134   { "trans_chunk_size", &tunable_trans_chunk_size },
 135   { "delay_failed_login", &tunable_delay_failed_login },
 136   { "delay_successful_login", &tunable_delay_successful_login },
 137   { "max_login_fails", &tunable_max_login_fails },
 138   { "chown_upload_mode", &tunable_chown_upload_mode },
 139   { 0, 0 }
 140 };
 141
 142 static struct parseconf_str_setting
 143 {
 144   const char* p_setting_name;
 145   const char** p_variable;
 146 }
 147 parseconf_str_array[] =
 148 {
 149   { "secure_chroot_dir", &tunable_secure_chroot_dir },
 150   { "ftp_username", &tunable_ftp_username },
 151   { "chown_username", &tunable_chown_username },
 152   { "xferlog_file", &tunable_xferlog_file },
 153   { "vsftpd_log_file", &tunable_vsftpd_log_file },
 154   { "message_file", &tunable_message_file },
 155   { "nopriv_user", &tunable_nopriv_user },
 156   { "ftpd_banner", &tunable_ftpd_banner },
 157   { "banned_email_file", &tunable_banned_email_file },
 158   { "chroot_list_file", &tunable_chroot_list_file },
 159   { "pam_service_name", &tunable_pam_service_name },
 160   { "guest_username", &tunable_guest_username },
 161   { "userlist_file", &tunable_userlist_file },
 162   { "anon_root", &tunable_anon_root },
 163   { "local_root", &tunable_local_root },
 164   { "banner_file", &tunable_banner_file },
 165   { "pasv_address", &tunable_pasv_address },
 166   { "listen_address", &tunable_listen_address },
 167   { "user_config_dir", &tunable_user_config_dir },
 168   { "listen_address6", &tunable_listen_address6 },
 169   { "cmds_allowed", &tunable_cmds_allowed },
 170   { "hide_file", &tunable_hide_file },
 171   { "deny_file", &tunable_deny_file },
 172   { "user_sub_token", &tunable_user_sub_token },
 173   { "email_password_file", &tunable_email_password_file },
 174   { "rsa_cert_file", &tunable_rsa_cert_file },
 175   { "dsa_cert_file", &tunable_dsa_cert_file },
 176   { "ssl_ciphers", &tunable_ssl_ciphers },
 177   { "rsa_private_key_file", &tunable_rsa_private_key_file },
 178   { "dsa_private_key_file", &tunable_dsa_private_key_file },
 179   { "ca_certs_file", &tunable_ca_certs_file },
 180   { "cmds_denied", &tunable_cmds_denied },
 181   { "passwd_file", &tunable_passwd_file },
 182   { 0, 0 }
 183 };
 184
 185 void
 186 vsf_parseconf_load_file(const char* p_filename, int errs_fatal)
 187 {
 188   struct mystr config_file_str = INIT_MYSTR;
 189   struct mystr config_setting_str = INIT_MYSTR;
 190   struct mystr config_value_str = INIT_MYSTR;
 191   unsigned int str_pos = 0;
 192   int retval;
 193   if (!p_filename)
 194   {
 195     p_filename = s_p_saved_filename;
 196   }
 197   else
 198   {
 199     if (s_p_saved_filename)
 200     {
 201       vsf_sysutil_free((char*)s_p_saved_filename);
 202     }
 203     s_p_saved_filename = vsf_sysutil_strdup(p_filename);
 204   }
 205   if (!p_filename)
 206   {
 207     bug("null filename in vsf_parseconf_load_file");
 208   }
 209   retval = str_fileread(&config_file_str, p_filename, VSFTP_CONF_FILE_MAX);
 210   if (vsf_sysutil_retval_is_error(retval))
 211   {
 212     if (errs_fatal)
 213     {
 214       die2("cannot read config file: ", p_filename);
 215     }
 216     else
 217     {
 218       str_free(&config_file_str);
 219       return;
 220     }
 221   }
 222   {
 223     struct vsf_sysutil_statbuf* p_statbuf = 0;
 224     retval = vsf_sysutil_stat(p_filename, &p_statbuf);
 225     /* Security: check current user owns the config file. These are sanity
 226      * checks for the admin, and are NOT designed to be checks safe from
 227      * race conditions.
 228      */
 229     if (vsf_sysutil_retval_is_error(retval) ||
 230         vsf_sysutil_statbuf_get_uid(p_statbuf) != vsf_sysutil_getuid() ||
 231         !vsf_sysutil_statbuf_is_regfile(p_statbuf))
 232     {
 233       die("config file not owned by correct user, or not a file");
 234     }
 235     vsf_sysutil_free(p_statbuf);
 236   }
 237   while (str_getline(&config_file_str, &config_setting_str, &str_pos))
 238   {
 239     if (str_isempty(&config_setting_str) ||
 240         str_get_char_at(&config_setting_str, 0) == '#' ||
 241         str_all_space(&config_setting_str))
 242     {
 243       continue;
 244     }
 245     vsf_parseconf_load_setting(str_getbuf(&config_setting_str), errs_fatal);
 246   }
 247   str_free(&config_file_str);
 248   str_free(&config_setting_str);
 249   str_free(&config_value_str);
 250 }
 251
 252 void
 253 vsf_parseconf_load_setting(const char* p_setting, int errs_fatal)
 254 {
 255   static struct mystr s_setting_str;
 256   static struct mystr s_value_str;
 257   while (vsf_sysutil_isspace(*p_setting))
 258   {
 259     p_setting++;
 260   }
 261   str_alloc_text(&s_setting_str, p_setting);
 262   str_split_char(&s_setting_str, &s_value_str, '=');
 263   /* Is it a string setting? */
 264   {
 265     const struct parseconf_str_setting* p_str_setting = parseconf_str_array;
 266     while (p_str_setting->p_setting_name != 0)
 267     {
 268       if (str_equal_text(&s_setting_str, p_str_setting->p_setting_name))
 269       {
 270         /* Got it */
 271         const char** p_curr_setting = p_str_setting->p_variable;
 272         if (*p_curr_setting)
 273         {
 274           vsf_sysutil_free((char*) *p_curr_setting);
 275         }
 276         if (str_isempty(&s_value_str))
 277         {
 278           *p_curr_setting = 0;
 279         }
 280         else
 281         {
 282           *p_curr_setting = str_strdup(&s_value_str);
 283         }
 284         return;
 285       }
 286       p_str_setting++;
 287     }
 288   }
 289   if (str_isempty(&s_value_str))
 290   {
 291     if (errs_fatal)
 292     {
 293       die2("missing value in config file for: ", str_getbuf(&s_setting_str));
 294     }
 295     else
 296     {
 297       return;
 298     }
 299   }
 300   /* Is it a boolean value? */
 301   {
 302     const struct parseconf_bool_setting* p_bool_setting = parseconf_bool_array;
 303     while (p_bool_setting->p_setting_name != 0)
 304     {
 305       if (str_equal_text(&s_setting_str, p_bool_setting->p_setting_name))
 306       {
 307         /* Got it */
 308         str_upper(&s_value_str);
 309         if (str_equal_text(&s_value_str, "YES") ||
 310             str_equal_text(&s_value_str, "TRUE") ||
 311             str_equal_text(&s_value_str, "1"))
 312         {
 313           *(p_bool_setting->p_variable) = 1;
 314         }
 315         else if (str_equal_text(&s_value_str, "NO") ||
 316                  str_equal_text(&s_value_str, "FALSE") ||
 317                  str_equal_text(&s_value_str, "0"))
 318         {
 319           *(p_bool_setting->p_variable) = 0;
 320         }
 321         else if (errs_fatal)
 322         {
 323           die2("bad bool value in config file for: ",
 324                str_getbuf(&s_setting_str));
 325         }
 326         return;
 327       }
 328       p_bool_setting++;
 329     }
 330   }
 331   /* Is it an unsigned integer setting? */
 332   {
 333     const struct parseconf_uint_setting* p_uint_setting = parseconf_uint_array;
 334     while (p_uint_setting->p_setting_name != 0)
 335     {
 336       if (str_equal_text(&s_setting_str, p_uint_setting->p_setting_name))
 337       {
 338         /* Got it */
 339         /* If the value starts with 0, assume it's an octal value */
 340         if (!str_isempty(&s_value_str) &&
 341             str_get_char_at(&s_value_str, 0) == '0')
 342         {
 343           *(p_uint_setting->p_variable) = str_octal_to_uint(&s_value_str);
 344         }
 345         else
 346         {
 347           *(p_uint_setting->p_variable) = str_atoi(&s_value_str);
 348         }
 349         return;
 350       }
 351       p_uint_setting++;
 352     }
 353   }
 354   if (errs_fatal)
 355   {
 356     die2("unrecognised variable in config file: ", str_getbuf(&s_setting_str));
 357   }
 358 }