Want more features on Pastebin? Sign Up, it's FREE!
Guest

pure-ftpd-wrapper

By: a guest on Jan 13th, 2012  |  syntax: Bash  |  size: 12.14 KB  |  views: 105  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. #! /usr/bin/perl
  2. #
  3. # Copyright 2002,2003,2004,2005,2007,2009,2010,2011 by Stefan Hornburg (Racke) <racke@linuxia.de>
  4. #
  5. # This program is free software; you can redistribute it and/or modify
  6. # it under the terms of the GNU General Public License as published by
  7. # the Free Software Foundation; either version 2 of the License, or
  8. # (at your option) any later version.
  9. #
  10. # This program is distributed in the hope that it will be useful,
  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13. # GNU General Public License for more details.
  14. #
  15. # You should have received a copy of the GNU General Public
  16. # License along with this program; if not, write to the Free
  17. # Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
  18. # MA  02111-1307  USA.
  19.  
  20. use strict;
  21. use warnings;
  22.  
  23. use File::Basename;
  24. use File::Spec;
  25.  
  26. my $daemon = '/usr/sbin/pure-ftpd';
  27. my @capabilities = @ARGV;
  28.  
  29. if ($ARGV[0]) {
  30.         $daemon = "$daemon-$ARGV[0]";
  31. }
  32.  
  33. # configuration schema
  34. #
  35. # fields of the array:
  36. # 0. option name
  37. # 1. parser
  38. # 2. priority
  39. #
  40. # SysLogFacility has the highest priority, because we want to
  41. # avoid to log to the wrong location (see pure-ftpd manpage).
  42.  
  43. my %conf = ('AllowAnonymousFXP' => ['-W'],
  44.                         'AllowDotFiles' => ['-z'],
  45.                         'AllowUserFXP' => ['-w'],
  46.                         'AltLog' => ['-O %s', \&parse_string],
  47.                         'AnonymousBandwidth' => ['-t %s', \&parse_number_1_2],
  48.                         'AnonymousCanCreateDirs' => ['-M'],
  49.                         'AnonymousCantUpload' => ['-i'],
  50.                         'AnonymousOnly', => ['-e'],
  51.                         'AnonymousRatio' => ['-q %d:%d', \&parse_number_2],
  52.                         'AntiWarez' => ['-s'],
  53.                         'AutoRename' => ['-r'],
  54.                         'Bind' => ['-S %s', \&parse_string],
  55.                         'BrokenClientsCompatibility' => ['-b'],
  56.                         'CallUploadScript' => ['-o'],
  57.                         'ChrootEveryone' => ['-A'],
  58.                         'CreateHomeDir' => ['-j'],
  59.                         'CustomerProof' => ['-Z'],
  60.                         'Daemonize' => ['-B'],
  61.                         'DisplayDotFiles' => ['-D'],
  62.                         'DontResolve' => ['-H'],
  63.                         'ForcePassiveIP' => ['-P %s', \&parse_string],
  64.                         'FortunesFile' => ['-F %s', \&parse_filename],
  65.                         'FSCharset' => ['-8 %s', \&parse_string],
  66.                         'ClientCharset' => ['-9 %s', \&parse_string],
  67.                         'IPV4Only' => ['-4'],
  68.                         'IPV6Only' => ['-6'],
  69.                         'KeepAllFiles' => ['-K'],
  70.                         'LimitRecursion' => ['-L %d:%d', \&parse_number_2_unlimited],
  71.                         'LogPID' => ['-1'],
  72.                         'MaxClientsNumber' => ['-c %d', \&parse_number_1],
  73.                         'MaxClientsPerIP' => ['-C %d', \&parse_number_1],
  74.                         'MaxDiskUsage' => ['-k %d', \&parse_number_1],
  75.                         'MaxIdleTime' => ['-I %d', \&parse_number_1],
  76.                         'MaxLoad' => ['-m %d', \&parse_number_1],
  77.                         'MinUID' => ['-u %d', \&parse_number_1],
  78.                         'NATmode' => ['-N'],
  79.                         'NoAnonymous' => ['-E'],
  80.                         'NoChmod' => ['-R'],
  81.                         'NoRename' => ['-G'],
  82.                         'NoTruncate' => ['-0'],
  83.                         'PassivePortRange' => ['-p %d:%d', \&parse_number_2],
  84.                         'PerUserLimits' => ['-y %d:%d', \&parse_number_2],
  85.                         'ProhibitDotFilesRead' => ['-X'],
  86.                         'ProhibitDotFilesWrite' => ['-x'],
  87.                         'Quota' => ['-n %d:%d', \&parse_number_2],
  88.                         'SyslogFacility' => ['-f %s', \&parse_word, 99],
  89.                         'TLS' => ['-Y %d', \&parse_number_1],
  90.                         'TrustedGID' => ['-a %d', \&parse_number_1],
  91.                         'TrustedIP' => ['-V %s', \&parse_ip],
  92.                         'Umask' => ['-U %s:%s', \&parse_umask],
  93.                         'UserBandwidth' => ['-T %s', \&parse_number_1_2],
  94.                         'UserRatio' => ['-Q %d:%d', \&parse_number_2],
  95.                         'VerboseLog' => ['-d'],
  96.                     );
  97.  
  98. my %authconf = ('ExtAuth' => ['extauth:%s', \&parse_sockname],
  99.                                 'LDAPConfigFile' => ['ldap:%s', \&parse_filename, 0,
  100.                                                                                  'ldap'],
  101.                                 'MySQLConfigFile' => ['mysql:%s', \&parse_filename, 0,
  102.                                                                           'mysql'],
  103.                                 'PGSQLConfigFile' => ['pgsql:%s', \&parse_filename, 0,
  104.                                                                           'postgresql'],
  105.                                 'PAMAuthentication' => ['pam'],
  106.                                 'PureDB' => ['puredb:%s', \&parse_filename],
  107.                                 'UnixAuthentication' => ['unix'],
  108.                            );
  109.                                
  110. # examine all configuration files in /etc/pure-ftpd/conf
  111.  
  112. my @conffiles;
  113.  
  114. opendir (ETCCONF, '/etc/pure-ftpd/conf')
  115.         || die "$0: Couldn't examine directory /etc/pure-ftpd/conf: $!\n";
  116. @conffiles = readdir (ETCCONF);
  117. closedir (ETCCONF);
  118.  
  119. # examine authentication files in /etc/pure-ftpd/auth
  120.  
  121. my @authfiles;
  122.  
  123. opendir (ETCAUTH, '/etc/pure-ftpd/auth')
  124.         || die "$0: Couldn't examine directory /etc/pure-ftpd/auth: $!\n";
  125. @authfiles = sort (grep {-l "/etc/pure-ftpd/auth/$_"} readdir (ETCAUTH));
  126. closedir (ETCAUTH);
  127.  
  128. my ($file, $cref, $name);
  129. my (@options, $option, $ret);
  130.  
  131. for my $authname (@authfiles) {
  132.         # check if corresponding file exists
  133.         next unless $file = readlink("/etc/pure-ftpd/auth/$authname");
  134.         unless (File::Spec->file_name_is_absolute($file)) {
  135.                 $file = File::Spec->catfile('/etc/pure-ftpd/auth',$file);
  136.         }
  137.         next unless -f $file;
  138.        
  139.         # check if configuration directive exists
  140.         $name = basename($file);
  141.  
  142.         # check if we have the right capability for this authentication method
  143.         next if $authconf{$authname}->[3] && ! grep {$authconf{$authname}->[3] eq $_} @capabilities;
  144.        
  145.         if ($ret = parse_file(\%authconf, $file, $name)) {
  146.                 $ret->[0] = "-l $ret->[0]";
  147.                 push (@options, $ret);
  148.         }
  149. }
  150.  
  151.  
  152. for (@conffiles) {
  153.         # simply skip files with non-word/non-numeric characters
  154.         next unless /^[A-Za-z][A-Za-z0-9]+$/;
  155.  
  156.         # skip authentication configuration files
  157.         next if exists $authconf{$_};
  158.        
  159.         $file = "/etc/pure-ftpd/conf/$_";
  160.         if ($ret = parse_file(\%conf, $file, $_)) {
  161.                 push (@options, $ret);
  162.         }
  163. }
  164.  
  165. @options = map {split(/ /, $_->[0], 2)} (sort {$b->[1] <=> $a->[1]} @options);
  166.  
  167. if (exists $ENV{STANDALONE_OR_INETD} && $ENV{STANDALONE_OR_INETD} eq 'standalone') {
  168.         push (@options, '-B');
  169.         print "Running: $daemon ", join (' ', @options), "\n";
  170. }
  171.  
  172. # force PID file to /var/run/pure-ftpd/pure-ftpd.pid
  173. push(@options, '-g', '/var/run/pure-ftpd/pure-ftpd.pid');
  174.  
  175. exec { $daemon } ($daemon, @options) or die "$0: Cannot exec $daemon: $!";
  176.  
  177. sub parse_file {
  178.         my ($cref, $file, $option) = @_;
  179.         my @lines;
  180.  
  181.         unless (exists $cref->{$option}) {
  182.                 die "$0: Invalid configuration file $file: No corresponding directive\n";
  183.         }
  184.  
  185.         open (FILE, $file)
  186.                 || die "$0: Couldn't open configuration file $file: $!\n";
  187.         while (<FILE>) {
  188.                 next unless /\S/;
  189.                 s/^\s+//;
  190.                 s/\s+$//;
  191.                 next if /^\#/;
  192.                 push (@lines, $_);
  193.         }
  194.         close (FILE);
  195.        
  196.         # call parser
  197.         for my $line (@lines) {
  198.                 my $buf = '';
  199.  
  200.                 if (defined $cref->{$option}->[1]) {
  201.                         $ret = $cref->{$option}->[1]->(\$buf, $cref->{$option}->[0], $line);
  202.                 } else {
  203.                         $ret = parse_yesno(\$buf, $cref->{$option}->[0], $line);
  204.                 }
  205.        
  206.                 unless ($ret) {
  207.                         die "$0: Invalid configuration file $file: $buf\n";
  208.                 }
  209.  
  210.                 return [$buf, $cref->{$option}->[2] || 0] if length $buf;
  211.         }
  212.  
  213. }
  214.  
  215. sub parse_filename {
  216.         my ($buf, $fmt, $val) = @_;
  217.  
  218.         unless (-f $val) {
  219.                 $$buf = qq{"$val": No such file};
  220.                 return;
  221.         }
  222.         $$buf = sprintf $fmt, $val;
  223.         return 1;
  224. }
  225.  
  226. sub parse_ip {
  227.         my ($buf, $fmt, $val) = @_;
  228.  
  229.         if ($val =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/
  230.                 && $1 < 256 && $2 < 256 && $3 < 256 && $4 < 256) {
  231.                 $$buf = sprintf $fmt, $val;
  232.                 return 1;
  233.         }
  234.  
  235.         $$buf = qq{"$val": Invalid IP address};
  236. }
  237.  
  238. sub parse_number_1 {
  239.         my ($buf, $fmt, $val) = @_;
  240.  
  241.         if ($val =~ /\D/) {
  242.                 $$buf = qq{"$val" not a number};
  243.                 return;
  244.         }
  245.        
  246.         $$buf = sprintf $fmt, $val;
  247.         return 1;
  248. }
  249.  
  250. sub parse_number_1_2 {
  251.         my ($buf, $fmt, $val) = @_;
  252.  
  253.         if ($val =~ /^(\d+)(\s+|:)(\d+)$/) {
  254.                 $$buf = sprintf $fmt, "$1:$3";
  255.                 return 1;
  256.         }
  257.  
  258.         if ($val =~ /^(:?\d+)$/ || $val =~ /^(\d+:)/) {
  259.                 $$buf = sprintf $fmt, $1;
  260.                 return 1;
  261.         }
  262.        
  263.         $$buf = qq{"$val" not one or two numbers};
  264.         return;
  265. }
  266.  
  267. sub parse_number_2 {
  268.         my ($buf, $fmt, $val) = @_;
  269.  
  270.         if ($val !~ /^(\d+)\s+(\d+)$/) {
  271.                 $$buf = qq{"$val" not two numbers};
  272.                 return;
  273.         }
  274.        
  275.         $$buf = sprintf $fmt, $1, $2;
  276.         return 1;
  277. }
  278.  
  279. sub parse_number_2_unlimited {
  280.         my ($buf, $fmt, $val) = @_;
  281.  
  282.         if ($val !~ /^(\-?\d+)\s+(\-?\d+)$/) {
  283.                 $$buf = qq{"$val" not two numbers};
  284.                 return;
  285.         }
  286.  
  287.         if ($1 < -1 || $2 < -1) {
  288.                 $$buf = qq{"$val" smaller than unlimited (-1)};
  289.                 return;
  290.         }
  291.        
  292.         $$buf = sprintf $fmt, $1, $2;
  293.         return 1;
  294. }
  295.  
  296. sub parse_sockname {
  297.         my ($buf, $fmt, $val) = @_;
  298.  
  299.         unless (-S $val) {
  300.                 $$buf = qq{"$val": No such socket};
  301.                 return;
  302.         }
  303.         $$buf = sprintf $fmt, $val;
  304.         return 1;
  305. }
  306.  
  307. sub parse_string {
  308.         my ($buf, $fmt, $val) = @_;
  309.  
  310.         if ($val =~ /\s/) {
  311.                 $$buf = qq{"$val" contains whitespace};
  312.                 return;
  313.         }
  314.        
  315.         $$buf = sprintf $fmt, $val;
  316.         return 1;
  317. }
  318.  
  319. sub parse_umask {
  320.         my ($buf, $fmt, $val) = @_;
  321.  
  322.         if ($val !~ /^([0-7]{3,3})\s+([0-7]{3,3})$/) {
  323.                 $$buf = qq{"$val" not two octal numbers};
  324.                 return;
  325.         }
  326.        
  327.         $$buf = sprintf $fmt, $1, $2;
  328.         return 1;
  329. }
  330.  
  331. sub parse_word {
  332.         my ($buf, $fmt, $val) = @_;
  333.  
  334.         if ($val !~ /^(\w+)$/) {
  335.                 $$buf = qq{"$val" contains non-word characters};
  336.                 return;
  337.         }
  338.        
  339.         $$buf = sprintf $fmt, $1;
  340.         return 1;
  341. }
  342.  
  343. sub parse_yesno {
  344.         my ($buf, $fmt, $val) = @_;
  345.         my @y = ('yes', 1, 'on');
  346.         my @n = ('no', 0, 'off');
  347.  
  348.         if (grep {$_ eq lc($val)} @y) {
  349.                 # result is 'yes'
  350.                 $$buf = $fmt;
  351.                 return 1;
  352.         }
  353.         if (grep {$_ eq lc($val)} @n) {
  354.                 # result is 'no'
  355.                 $$buf = '';
  356.                 return 1;
  357.         }
  358.         # error
  359.         $$buf = qq{"$val" not convertible to true or false};
  360.         return;
  361. }
  362.  
  363. __END__
  364.  
  365. =head1 NAME
  366.  
  367. pure-ftpd-wrapper - configures and starts Pure-FTPd daemon
  368.  
  369. =head1 SYNOPSIS
  370.  
  371. pure-ftpd-wrapper
  372.  
  373. =head1 DESCRIPTION
  374.  
  375. B<pure-ftpd-wrapper> reads the configuration for the Pure-FTPd daemon
  376. from files in the directory F</etc/pure-ftpd/conf>. Each file in this
  377. directory is related to a command line option. No more than one
  378. line with configuration values is allowed. Empty lines or lines
  379. starting with the comment character C<#> are discarded.
  380.  
  381. The Pure-FTPd daemon allows to use different authentication methods
  382. together. The authentication methods are tried in the order they are
  383. specified on the command line. In order to achieve the same flexibility
  384. with files in the F</etc/pure-ftpd> directory, B<pure-ftpd-wrapper>
  385. checks all valid symbolic links within the directory F</etc/pure-ftpd/auth>
  386. in alphabetical order. E.g., a link in this directory pointing to
  387. F</etc/pure-ftpd/conf/PureDB> would enable authentication against
  388. a PureDB database.
  389.  
  390. There are no means to configure the I<PIDFile> setting, it is hardwired
  391. to /var/run/pure-ftpd/pure-ftpd.pid in this script.
  392.  
  393. =head1 CONFIGURATION
  394.  
  395. =head2 Boolean values
  396.  
  397. The strings C<Yes>,C<1>,C<On> enable the corresponding commandline option
  398. (case doesn't matter). To disable the option use C<No>,C<0> or C<Off>.
  399.  
  400. Configuration files containing boolean values are C<AllowAnonymousFXP>,
  401. C<AllowDotFiles>, C<AllowUserFXP>, C<AnonymousCanCreateDirs>,
  402. C<AnonymousCantUpload>, C<AnonymousOnly>, C<AntiWarez>, C<AutoRename>,
  403. C<BrokenClientsCompatibility>, C<CallUploadScript>, C<ChrootEveryone>,
  404. C<CreateHomeDir>, C<CustomerProof>, C<Daemonize>, C<DisplayDotFiles>,
  405. C<DontResolve>, C<IPV4Only>, C<IPV6Only>, C<KeepAllFiles>, C<LogPID>,
  406. C<NATmode>, C<NoAnonymous>, C<NoChmod>, C<NoRename>, C<PAMAuthentication>,
  407. C<ProhibitDotFilesRead>, C<ProhibitDotFilesWrite>, C<UnixAuthentication>
  408. and C<VerboseLog>.
  409.  
  410. =head2 Numerical values
  411.  
  412. There are several types of numerical values (one number, two numbers,
  413. one or two numbers, two octal numbers).
  414.  
  415. =over 4
  416.  
  417. =item One number
  418.  
  419. C<MaxClientsNumber>, C<MaxClientsPerIP>, C<MaxDiskUsage>, C<MaxIdleTime>,
  420. C<MaxLoad>, C<MinUID>, C<TLS>, C<TrustedGID>.
  421.  
  422. =item Two numbers
  423.  
  424. C<AnonymousRatio>, C<LimitRecursion>, C<PassivePortRange>,
  425. C<PerUserLimits>, C<Quota>, C<UserRatio>.
  426.  
  427. =item Two numbers (with unlimited value)
  428.  
  429. This allows -1 in addition to positive numbers indicating an unlimited
  430. values.
  431.  
  432. C<LimitRecursion>.
  433.  
  434. =item One or two numbers
  435.  
  436. C<AnonymousBandwidth>, C<UserBandwidth>.
  437.  
  438. =item Two octal numbers
  439.  
  440. C<Umask>.
  441.  
  442. =back
  443.  
  444. =head2 String values
  445.  
  446. =over
  447.  
  448. =item Arbritrary strings
  449.  
  450. C<AltLog>, C<Bind>, C<ForcePassiveIP>.
  451.  
  452. =item Words
  453.  
  454. C<SyslogFacility>.
  455.  
  456. =back
  457.  
  458. =head2 Character Sets
  459.  
  460. C<FSCharset>, C<ClientCharset>.
  461.  
  462. =head2 IP values
  463.  
  464. C<TrustedIP>.
  465.  
  466. =head2 File values
  467.  
  468. These values designate an existing file or socket.
  469.  
  470. =over
  471.  
  472. =item File
  473.  
  474. C<FortunesFile>, C<LDAPConfigFile>, C<MySQLConfigFile>, C<PGSQLConfigFile>, C<PureDB>.
  475.  
  476. =item Socket
  477.  
  478. C<ExtAuth>.
  479.  
  480. =back
  481.  
  482. =head1 AUTHOR
  483.  
  484. This manual page was written by Stefan Hornburg (Racke) <racke@linuxia.de>
  485. for the Debian GNU/Linux system.
clone this paste RAW Paste Data