muddleftpd-track
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Muddleftpd-track] [Patch #647] adds basic scripting support (preup,post

From: nobody
Subject: [Muddleftpd-track] [Patch #647] adds basic scripting support (preup,postup,dirname,postdel)
Date: Mon, 11 Nov 2002 23:35:25 -0500 
Patch #647 has been updated. 

Project: 
Category: addon
Status: Open
Summary: adds basic scripting support (preup,postup,dirname,postdel)

Follow-Ups:

Date: 2002-Nov-11 18:45
By: mcree

Comment:
i'm lame to savannah... 8)
-------------------------------------------------------

Date: 2002-Nov-11 19:30
By: mcree

Comment:
Basically this patch adds scripting support for the most important scriptable 
ftp events: uploading, removing files and directory creation. Scripts get the 
most significant environmental conditions (filename, current user, rootdir, 
vserver name, client address) trough commandline parameters.

There are 4 new configuration options for vservers:

# pre-up: executes script upon STOR command. 
# can deny access via returning errorcode of 1 
# otherwise must exit with 0
preupscript /path/to/executable
# post-up: executes script upon 'transfer done'. 
# can remove uploaded file by returning errorcode of 1
# otherwise must exit with 0
postupscript /path/to/executable
# post-del: executes script after DELE command.
postdelscript /path/to/executable
# dir-name: executes script upon MKDIR command. 
# can deny access via returning errorcode of 1
# otherwise must exit with 0
dirnamescript /path/to/executable

the commandline parameters passed to the scripts are the following:
1. filename with full path (relative to chroot see bellow) [dangerous 
characters escaped in order to prevent shell expansion or other misbehaviour]
2. users root directory [dirname is escaped too]
3. current username (user's login name)
4. current groupname
5. remote host's ip (dotted quad format)
6. remote host's name
7. current vserver section name (from configfile)

The scripts are run trough the system() call.

Remember: when you use chrooting (muddleftpd is running with full privileges), 
scripts must be executable in the chroot jail. To achieve this you may need to 
create /lib, /bin and other sysdirs and fill them with the necessary libs and 
executables (you'll need /bin/sh for sure... 8)

This patch was a must for me, so i must had it done... only glftpd 
(www.glftpd.org) allows this kind of scripting, but it's closed-source and 
breaks things here or there... muddleftpd is clean and has a better conceptual 
architecture... so keep it up... and i hope that other's will find my code 
usefull too...

-------------------------------------------------------

Date: 2002-Nov-11 19:51
By: mcree

Comment:
sample postup script (it's used on our freeweb service to maintain user quotas):

===========8<=========================[cut here]=======================
#!/bin/bash

maxsize='10240' # user quota in kilobytes
tmpdir='/home/www-data/www.webhely.hu/tmp'

lastfree=`cat $tmpdir/$3`

used=`du -k -s $2 | cut -f 1`

test=`echo $used $maxsize | awk '{ print( ($2 - $1) < 0 ); }'`

if [ "$test" == "1" ]; then
    mkdir "$2/=0[------------------------]0="
    mkdir "$2/=1[  Your previous upload  ]1="
    mkdir "$2/=2[  was aborted due lack  ]2="
    mkdir "$2/=3[       of space!        ]3="
    mkdir "$2/=4[------------------------]4="
    exit 1
fi

free=`echo $used $maxsize | awk '{ printf("=[free space - %.2f Mbytes]=", ($2 - 
$1) / 1024 ); }'`
echo "$free" > "$tmpdir/$3"
rmdir "$2/$lastfree"
mkdir "$2/$free"

#for debugging:
#echo "$0 $1 $2 $3 $4 $5 $6 $7 $8 $9" >> /tmp/zipscript.log

exit 0

-------------------------------------------------------

Date: 2002-Nov-12 04:07
By: rugger

Comment:
Umm, I can't get the patch as text. I get a binary file when I as to view the 
Raw Patch.

If It is me, please tell me what I am doing wrong.

If it isn't me, and the patch is borked, please resubmit in text form.

Also be aware that I cannot add this patch to muddleftpd main, since it means 
breaking one of the security rules this server was built on. (ie, not to run 
external programs)

When I create a more general module system, this would be a good candidate for 
a module.

Thanks
Beau Kuiper

-------------------------------------------------------

Date: 2002-Nov-12 04:21
By: rugger

Comment:
Oh, its compressed :)

Silly me

-------------------------------------------------------

Date: 2002-Nov-12 04:35
By: rugger

Comment:
One suggestion.

There appears to be a race condition in your upload code. It can allow someone 
to:
1) Upload a file, then rename it before the system deletes it via FTP.
2) Upload a file, knowing it will be deleted, then rename another file into its 
place, where the system deletes it.

To fix this, you need to have muddleftpd upload to a temporary file, and then 
automaticly program the ACL's to deny access to filenames of that type. 

eg

add .temp to the filename automagicly when the user uploads it (where a script 
must decide to keep it or not) and then, if the server finds the configuration 
arguments that means it must run the script, execute

acllist_add(peer->acls, "*.temp", "NONE", TRUE);

There may be other race conditions in there to, so please check it out.

Also, I prefer unified diff patches to cvs patch since I can read them easier.

Thanks again.
-------------------------------------------------------

-------------------------------------------------------
For more info, visit:

http://savannah.nongnu.org/patch/?func=detailpatch&patch_id=647&group_id=3025
reply via email to
[Prev in Thread] Current Thread [Next in Thread]