From: nobody
Subject: [Muddleftpd-track] [Patch #647] adds basic scripting support (preup,postup,dirname,postdel)
Date: Mon, 11 Nov 2002 23:35:25 -0500
Patch #647 has been updated.
Project:
Category: addon
Status: Open
Summary: adds basic scripting support (preup,postup,dirname,postdel)
Follow-Ups:
Date: 2002-Nov-11 18:45
By: mcree
Comment:
i'm lame to savannah... 8)
-------------------------------------------------------
Date: 2002-Nov-11 19:30
By: mcree
Comment:
Basically this patch adds scripting support for the most important scriptable
ftp events: uploading, removing files and directory creation. Scripts get the
most significant environmental conditions (filename, current user, rootdir,
vserver name, client address) through commandline parameters.
There are 4 new configuration options for vservers:
# pre-up: executes script upon STOR command.
# can deny access via returning errorcode of 1
# otherwise must exit with 0
preupscript /path/to/executable
# post-up: executes script upon 'transfer done'.
# can remove uploaded file by returning errorcode of 1
# otherwise must exit with 0
postupscript /path/to/executable
# post-del: executes script after DELE command.
postdelscript /path/to/executable
# dir-name: executes script upon MKDIR command.
# can deny access via returning errorcode of 1
# otherwise must exit with 0
dirnamescript /path/to/executable
the commandline parameters passed to the scripts are the following:
1. filename with full path (relative to chroot, see below) [dangerous
characters escaped in order to prevent shell expansion or other misbehaviour]
2. users root directory [dirname is escaped too]
3. current username (user's login name)
4. current groupname
5. remote host's ip (dotted quad format)
6. remote host's name
7. current vserver section name (from configfile)
The scripts are run through the system() call.
Remember: when you use chrooting (muddleftpd is running with full privileges),
scripts must be executable in the chroot jail. To achieve this you may need to
create /lib, /bin and other sysdirs and fill them with the necessary libs and
executables (you'll need /bin/sh for sure... 8)
This patch was a must for me, so I had to get it done... only glftpd
(www.glftpd.org) allows this kind of scripting, but it's closed-source and
breaks things here or there... muddleftpd is clean and has a better conceptual
architecture... so keep it up... and I hope that others will find my code
useful too...
-------------------------------------------------------
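Added example, not part of the patch or of muddleftpd: the comment above says the scripts are started through system() with dangerous characters escaped. The sketch below passes the same seven parameters through fork() and execv() instead, so no shell ever parses them and no escaping is needed. The function run_hook and all sample values are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: run a hook with the seven parameters as separate
 * argv entries. A filename such as "a; echo x.txt" reaches the script as
 * one literal argument because no shell command line is ever built.
 * Returns the script's exit status, 127 if it could not be executed,
 * or -1 on fork/wait failure or abnormal termination. */
int run_hook(const char *script, const char *const params[7])
{
    const char *argv[9];
    int i, status;
    pid_t pid;

    argv[0] = script;
    for (i = 0; i < 7; i++)
        argv[i + 1] = params[i];
    argv[8] = NULL;

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(script, (char *const *)argv);
        _exit(127);                 /* only reached when execv() failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample values, in the order the parameter list gives. */
    const char *params[7] = { "/incoming/a; echo x.txt", "/home/ftp/alice",
        "alice", "users", "192.0.2.10", "client.example.org", "main" };

    /* /bin/echo stands in for a hook script and prints what it received. */
    printf("hook exit status: %d\n", run_hook("/bin/echo", params));
    return 0;
}
```

With the return convention from the option list, a status of 1 from a preup or dirname hook denies the command and 0 allows it.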
Date: 2002-Nov-11 19:51
By: mcree
Comment:
sample postup script (it's used on our freeweb service to maintain user quotas):
===========8<=========================[cut here]=======================
#!/bin/bash
# $2 = user's root directory, $3 = login name (see the parameter list above)
maxsize='10240' # user quota in kilobytes
tmpdir='/home/www-data/www.webhely.hu/tmp'
# name of the "free space" marker directory created by the previous run
lastfree=`cat "$tmpdir/$3" 2>/dev/null`
used=`du -k -s "$2" | cut -f 1`
test=`echo "$used" "$maxsize" | awk '{ print( ($2 - $1) < 0 ); }'`
if [ "$test" == "1" ]; then
    # over quota: leave a message as directory names and reject the upload
    mkdir "$2/=0[------------------------]0="
    mkdir "$2/=1[ Your previous upload ]1="
    mkdir "$2/=2[ was aborted due lack ]2="
    mkdir "$2/=3[ of space! ]3="
    mkdir "$2/=4[------------------------]4="
    exit 1
fi
free=`echo "$used" "$maxsize" | awk '{ printf("=[free space - %.2f Mbytes]=", ($2 - $1) / 1024 ); }'`
echo "$free" > "$tmpdir/$3"
# replace the old marker directory with the updated one
[ -n "$lastfree" ] && rmdir "$2/$lastfree"
mkdir "$2/$free"
#for debugging:
#echo "$0 $1 $2 $3 $4 $5 $6 $7 $8 $9" >> /tmp/zipscript.log
exit 0
-------------------------------------------------------
Date: 2002-Nov-12 04:07
By: rugger
Comment:
Umm, I can't get the patch as text. I get a binary file when I ask to view the
Raw Patch.
If it is me, please tell me what I am doing wrong.
If it isn't me, and the patch is borked, please resubmit in text form.
Also be aware that I cannot add this patch to muddleftpd main, since it means
breaking one of the security rules this server was built on. (ie, not to run
external programs)
When I create a more general module system, this would be a good candidate for
a module.
Thanks
Beau Kuiper
-------------------------------------------------------
Date: 2002-Nov-12 04:21
By: rugger
Comment:
Oh, it's compressed :)
Silly me
-------------------------------------------------------
Date: 2002-Nov-12 04:35
By: rugger
Comment:
One suggestion.
There appears to be a race condition in your upload code. It can allow someone
to:
1) Upload a file, then rename it before the system deletes it via FTP.
2) Upload a file, knowing it will be deleted, then rename another file into its
place, where the system deletes it.
To fix this, you need to have muddleftpd upload to a temporary file, and then
automatically program the ACLs to deny access to filenames of that type.
e.g.
add .temp to the filename automagically when the user uploads it (where a script
must decide to keep it or not) and then, if the server finds the configuration
arguments that mean it must run the script, execute
acllist_add(peer->acls, "*.temp", "NONE", TRUE);
There may be other race conditions in there too, so please check it out.
Also, I prefer unified diff patches to cvs patch since I can read them easier.
Thanks again.
-------------------------------------------------------
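Added example, not code from the patch or from muddleftpd: a sketch of the staging scheme suggested in the comment above, where the upload is written under a ".temp" name the client is not allowed to address and only moved to its final name once the postup script accepts it. The functions client_may_touch, staging_name and commit_upload are hypothetical; client_may_touch stands in for the "*.temp" ACL rule.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <unistd.h>

#define TEMP_SUFFIX ".temp"

/* Stand-in for the "*.temp" -> NONE ACL rule: any client command that
 * names a staging file is refused, so it cannot be renamed or replaced. */
int client_may_touch(const char *name)
{
    return fnmatch("*" TEMP_SUFFIX, name, 0) != 0;
}

/* Build "<final>.temp"; returns 0 on success, -1 if it does not fit. */
int staging_name(const char *final, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s%s", final, TEMP_SUFFIX);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Called after the postup script ran on the staging file. verdict 0 keeps
 * the upload, anything else discards it. Only the staging name is ever
 * unlinked, so whatever sits at the final name is never deleted here.
 * Returns 0 = published, 1 = rejected and removed, -1 = error. */
int commit_upload(const char *final, int verdict)
{
    char tmp[4096];

    if (staging_name(final, tmp, sizeof tmp) < 0)
        return -1;
    if (verdict != 0)
        return unlink(tmp) == 0 ? 1 : -1;
    return rename(tmp, final) == 0 ? 0 : -1;  /* atomic on one filesystem */
}

int main(void)
{
    const char *final = "upload_demo.txt";    /* constructed sample name */
    char tmp[64];
    FILE *f;

    if (staging_name(final, tmp, sizeof tmp) < 0 || !(f = fopen(tmp, "w")))
        return 1;                             /* simulated STOR into staging */
    fclose(f);
    printf("client may touch %s: %d\n", tmp, client_may_touch(tmp));
    printf("commit with script exit 1: %d\n", commit_upload(final, 1));
    return 0;
}
```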
For more info, visit:
http://savannah.nongnu.org/patch/?func=detailpatch&patch_id=647&group_id=3025