--- proftpd-1.2.0rc2.orig/contrib/mod_mysql.c +++ proftpd-1.2.0rc2/contrib/mod_mysql.c @@ -50,6 +50,9 @@ char *sql_user; char *sql_pass; char *sql_dbname; + char *sql_dbsocket; + char *sql_dbport; + char *sql_dboptions; int ok; int opens; @@ -79,6 +82,13 @@ MODRET sql_cmd_open (cmd_rec * cmd) { + unsigned int myp=0,myopt=0; + + if (g.sql_dbport != NULL) + myp=(unsigned int)atoi(g.sql_dbport); + if (g.sql_dboptions != NULL) + myopt=(unsigned int)atol(g.sql_dboptions); + if (!g.ok) return DECLINED (cmd); @@ -87,8 +97,18 @@ if (g.opens > 1) return HANDLED (cmd); +#if MYSQL_VERSION_ID >= 32200 + mysql_init(&mod_mysql_server); + if (!(mysqldb = mysql_real_connect(&mod_mysql_server, g.sql_host, + g.sql_user, g.sql_pass, + NULL, + myp, g.sql_dbsocket, + myopt) ) + ) +#else if (!(mysqldb = mysql_connect (&mod_mysql_server, g.sql_host, g.sql_user, g.sql_pass))) +#endif { log_pri (LOG_ERR, "mysql: client %s connect FAILED to %s@%s", mysql_get_client_info (), g.sql_user, g.sql_host); @@ -205,12 +225,41 @@ (void *) cmd->argv[3], (void *) cmd->argv[4]); return HANDLED (cmd); } +MODRET +set_sqlinfo2 (cmd_rec * cmd) +{ + CHECK_ARGS (cmd, 1); + CHECK_CONF (cmd, CONF_ROOT | CONF_GLOBAL | CONF_VIRTUAL); + add_config_param_str ("MySQLSocket", 1, + (void *) cmd->argv[1]); + return HANDLED (cmd); +} +MODRET +set_sqlinfo3 (cmd_rec * cmd) +{ + CHECK_ARGS (cmd, 1); + CHECK_CONF (cmd, CONF_ROOT | CONF_GLOBAL | CONF_VIRTUAL); + add_config_param_str ("MySQLPort", 1, + (void *) cmd->argv[1] ); + return HANDLED (cmd); +} +MODRET +set_sqlinfo4 (cmd_rec * cmd) +{ + CHECK_ARGS (cmd, 1); + CHECK_CONF (cmd, CONF_ROOT | CONF_GLOBAL | CONF_VIRTUAL); + add_config_param_str ("MySQLOptions", 1, + (void *) cmd->argv[1] ); + return HANDLED (cmd); +} static conftable mysql_conftab[] = { /* *INDENT-OFF* */ { "MySQLInfo", set_sqlinfo, NULL }, - + { "MySQLSocket", set_sqlinfo2, NULL }, + { "MySQLPort", set_sqlinfo3, NULL }, + { "MySQLOptions", set_sqlinfo4, NULL }, { 0, NULL } /* *INDENT-ON* */ @@ -222,8 +271,14 @@ mysql_modinit () { config_rec *c; + unsigned int myp=0, myopt=0; memset (&g, 0, sizeof (g)); + + g.sql_dbsocket=NULL; + g.sql_dbport=NULL; + g.sql_dboptions=NULL; + if (!(c = find_config (CURRENT_CONF, CONF_PARAM, "MySQLInfo", FALSE))) return 0; @@ -231,10 +286,27 @@ g.sql_user = pstrdup (session.pool, c->argv[1]); g.sql_pass = pstrdup (session.pool, c->argv[2]); g.sql_dbname = pstrdup (session.pool, c->argv[3]); + + if ((c = find_config (CURRENT_CONF, CONF_PARAM, "MySQLPort", FALSE))) + g.sql_dbport = pstrdup (session.pool, c->argv[0]); + + if ((c = find_config (CURRENT_CONF, CONF_PARAM, "MySQLSocket", FALSE))) + g.sql_dbsocket = pstrdup (session.pool, c->argv[0]); + + if ((c = find_config (CURRENT_CONF, CONF_PARAM, "MySQLOptions", FALSE))) + g.sql_dboptions = pstrdup (session.pool, c->argv[0]); + g.ok = TRUE; - log_debug (DEBUG5, "%s: configured: db %s at %s@%s", - MOD_MYSQL_VERSION, g.sql_dbname, g.sql_user, g.sql_host); + if (g.sql_dbport != NULL) + myp=(unsigned int)atoi(g.sql_dbport); + if (g.sql_dboptions != NULL) + myopt=(unsigned int)atol(g.sql_dboptions); + + log_debug (DEBUG5, "%s: configured: db %s at %s@%s:%d:%s %d %s", + MOD_MYSQL_VERSION, g.sql_dbname, g.sql_user, g.sql_host, + myp, g.sql_dbsocket, myopt, g.sql_pass); + return 0; } --- proftpd-1.2.0rc2.orig/contrib/mod_sqlpw.c +++ proftpd-1.2.0rc2/contrib/mod_sqlpw.c @@ -65,6 +65,7 @@ /* A uid or gid less than this is mapped to the magic numbers above instead of simply rejected (which is arguably better, hmm.) */ #define MOD_SQL_MIN_ID 999 +#define MOD_SQL_MIN_GID 100 #define MOD_SQL_MAGIC_SHELL "/bin/sh" @@ -311,18 +312,22 @@ g.pw.pw_uid = MOD_SQL_MAGIC_USER; if (g.sql_gid) g.pw.pw_gid = atoi (_uservar (cmd, cmd->argv[0], g.sql_gid) ? : "0"); - if (g.pw.pw_gid < MOD_SQL_MIN_ID) +/* if (g.pw.pw_gid < MOD_SQL_MIN_ID) humm??? this should be */ +/* if (g.pw.pw_uid < MOD_SQL_MIN_ID) or */ + if (g.pw.pw_gid < MOD_SQL_MIN_GID) g.pw.pw_gid = MOD_SQL_MAGIC_GROUP; g.pw.pw_shell = MOD_SQL_MAGIC_SHELL; g.pw.pw_dir = (char *) g.homedir; log_debug (DEBUG3, "sqlpw: user \"%s\" (%i/%i) for %s", - cmd->argv[0], g.pw.pw_uid, g.pw.pw_gid, g.pw.pw_dir); + g.pw.pw_name, g.pw.pw_uid, g.pw.pw_gid, g.pw.pw_dir); /* Copy username so proftpd anon handling won't confuse the issue. */ /* FIXME: unnecessary mysqlism */ + /* mysql_escape_string (g.user, g.pw.pw_name, strlen (g.pw.pw_name)); g.user[ARBITRARY_MAX - 1] = 0; + */ } return mod_create_data (cmd, &g.pw); --- proftpd-1.2.0rc2.orig/modules/mod_auth.c +++ proftpd-1.2.0rc2/modules/mod_auth.c @@ -552,7 +552,7 @@ dir = realdir; } } - +log_debug(DEBUG5, "_get_default_root: %s", dir); return dir; } @@ -620,6 +620,8 @@ log_pri(LOG_NOTICE, "USER %s (Login failed): Can't find user.", user); goto auth_failure; } + +log_debug(DEBUG5, "_setup_environment: %s: %s,%s,%d,%d,%s,%s", user, pw->pw_name, pw->pw_passwd, pw->pw_uid, pw->pw_gid, pw->pw_shell, pw->pw_dir); /* security: other functions perform pw lookups, thus we need to make * a local copy of the user just looked up --- proftpd-1.2.0rc2.orig/src/dirtree.c +++ proftpd-1.2.0rc2/src/dirtree.c @@ -436,12 +436,15 @@ if(strcmp(*(((char**)session.groups->elts)+cnt),grp) == 0) { found = !found; break; } - + if (found == TRUE) return TRUE; + /* if(!found) { expr = NULL; break; } + */ } + return FALSE; if(expr) return TRUE;