author | Aris Adamantiadis <aris@0xbadc0de.be> | 2005-08-31 00:00:36 +0000 |
---|---|---|
committer | Aris Adamantiadis <aris@0xbadc0de.be> | 2005-08-31 00:00:36 +0000 |
commit | 8963144850a17aa961b53ad3b036eb71b628d111 (patch) | |
tree | 128c9c35e1aed49bc75954394d03ad63997e7983 /sftp_server | |
parent | a8b5d63e14af539ea417f4752850ff300055a0ad (diff) | |
server goes into background
server accepts command line arguments
server write
comments into the configuration file.
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@31 7dcaeef0-15fb-0310-b436-a5af3365683c
Diffstat (limited to 'sftp_server')
-rw-r--r-- | sftp_server/main.c | 44 | ||||
-rw-r--r-- | sftp_server/mercurius.conf | 31 | ||||
-rw-r--r-- | sftp_server/userauth.c | 19 |
3 files changed, 75 insertions, 19 deletions
diff --git a/sftp_server/main.c b/sftp_server/main.c index 163ab758..b9811f9c 100644 --- a/sftp_server/main.c +++ b/sftp_server/main.c @@ -70,6 +70,10 @@ CHANNEL *recv_channel(SSH_SESSION *session){ return chan; } +void usage(char *prog){ + fprintf(stderr,"Usage : %s [-vD] [-f config]\n",prog); +} + int main(int argc, char **argv){ SSH_OPTIONS *options=ssh_options_new(); SSH_SESSION *session; @@ -77,11 +81,27 @@ int main(int argc, char **argv){ CHANNEL *chan=NULL; SFTP_SESSION *sftp=NULL; int ret; + int donotfork=0; + char *config="mercurius.conf"; ssh_options_getopt(options,&argc,argv); - if(argc>1) - ret=parse_config(argv[1]); - else - ret=parse_config("mercurius.conf"); + while((ret=getopt(argc, argv, "Df:"))!=-1){ + switch(ret){ + case 'D': + donotfork=1; + break; + case 'f': + config=strdup(optarg); + break; + case '?': + usage(argv[0]); + exit(1); + } + } + if(optind<argc) { + usage(argv[0]); + exit(1); + } + ret=parse_config(config); if(ret != 0){ printf("Error parsing configuration file\n"); return 1; @@ -94,7 +114,7 @@ int main(int argc, char **argv){ ssh_options_set_dsa_server_key(options,dsa); if(rsa) ssh_options_set_rsa_server_key(options,rsa); - printf("port : %d\n",port); + //printf("port : %d\n",port); if(port!=0) ssh_options_set_port(options,port); ssh_bind=ssh_bind_new(); @@ -104,6 +124,12 @@ int main(int argc, char **argv){ return 1; } signal(SIGCHLD,SIG_IGN); + if(!donotfork){ + ssh_say(1,"Going into background...\n"); + if(fork()){ + exit(0); + } + } while(1){ session=ssh_bind_accept(ssh_bind); if(!session){ @@ -117,7 +143,7 @@ int main(int argc, char **argv){ } ssh_bind_free(ssh_bind); - printf("Socket connected : %d\n",ssh_get_fd(session)); + //printf("Socket connected : %d\n",ssh_get_fd(session)); if(ssh_accept(session)){ printf("ssh_accept : %s\n",ssh_get_error(session)); return 1; 
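Review bot: In the option loop added to main(), `config=strdup(optarg);` is never checked, so an allocation failure hands NULL to `parse_config(config)`. The copy is not needed because optarg points into argv, which lives for the whole process, so `config=optarg;` is enough. The usage text also advertises `[-vD]` while the optstring is `"Df:"`. Unless `ssh_options_getopt()` removes `-v` from argv before this loop (not visible here), `-v` falls into the `'?'` branch and exits; either add it to the optstring or drop it from the usage line. main()'s body continues outside this hunk.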
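Review bot: `if(fork()){ exit(0); }` in the new backgrounding block treats a failed fork() like the parent case: on -1 the process exits with status 0 and no server is left running, so whatever started it sees success. The child also never calls setsid() and keeps the inherited stdio descriptors, so it stays attached to the launching terminal, and the remaining `printf()` error paths in main() write to that terminal. A daemon that handles authentication should detach from the terminal and report a failed start with a non-zero status. The sketch below handles the three fork() results separately; redirecting descriptors 0-2 to /dev/null is left as a follow-up. main()'s body continues outside this hunk.

```c
    signal(SIGCHLD,SIG_IGN);
    if(!donotfork){
        pid_t pid;
        ssh_say(1,"Going into background...\n");
        pid=fork();
        if(pid<0){
            perror("fork");
            return 1;
        }
        if(pid>0)
            exit(0);
        /* child: leave the controlling terminal's session */
        if(setsid()<0){
            perror("setsid");
            return 1;
        }
    }
    // … unchanged: accept loop …
```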
@@ -126,7 +152,7 @@ int main(int argc, char **argv){ printf("error : %s\n",ssh_get_error(session)); return 1; } - printf("user authenticated\n"); + ssh_say(1,"user authenticated\n"); chan=recv_channel(session); if(!chan){ printf("error : %s\n",ssh_get_error(session)); @@ -137,9 +163,9 @@ int main(int argc, char **argv){ printf("error : %s\n",ssh_get_error(session)); return 1; } - printf("Sftp session open by client\n"); + ssh_say(1,"Sftp session open by client\n"); sftploop(session,sftp); + ssh_say(1,"Client disconnected\n"); ssh_disconnect(session); return 0; } - diff --git a/sftp_server/mercurius.conf b/sftp_server/mercurius.conf index 842c91c9..56c1e644 100644 --- a/sftp_server/mercurius.conf +++ b/sftp_server/mercurius.conf @@ -1,26 +1,47 @@ Port 4444 Hostkeyrsa /etc/ssh/ssh_host_rsa_key Hostkeydsa /etc/ssh/ssh_host_dsa_key +#the group wheel has 4 users. They are regular +#users of the system because they are authenticating +#through the normal way (pam) <group wheel> user root, admin, webmaster user aris </group> + +#they are virtual users using the uid of the user "ftp" +#they don't need a password and their home dir is +#chrooted to /home/ftp <group anonymous> user ftp, anonymous, anon uid ftp nopassword chroot /home/ftp </group> + +#the users group log in normaly but are restricted to +#their own home dir. +#here, aris is both in wheel group : he has the properties +#of wheel users and "users" users. +#BUT he cannot have two conflicting properties. <group users> user test user aris chroot $HOME/ </group> + +#everybody should be in world, at your convenance. + +#it is no problem to have different users with different +#properties in the same group, as far as the group +#doesn't define new conflicting properties <group world> group wheel, anonymous, users </group> -<dir /> - list world - read world - write wheel -</dir> + +#not implemented yet +#<dir /> +# list world +# read world +# write wheel +#</dir> 
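Review bot: The sample now documents the `anonymous` group as password-less, yet the same change comments out the `<dir />` block as "not implemented yet", so nothing in the file says what limits those accounts. Judging from the visible settings, the only remaining limits are the chroot to /home/ftp and the file permissions of uid ftp, and the former `write wheel` rule no longer applies (it may never have been enforced; the parser is not shown). I would state that next to the disabled block, for example `#until <dir> rules are implemented, access is limited only by chroot and the uid's file permissions`. Minor wording in the new comments: "normaly" should be "normally" and "convenance" should be "convenience".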
diff --git a/sftp_server/userauth.c b/sftp_server/userauth.c index 37bdc04a..b5a6055d 100644 --- a/sftp_server/userauth.c +++ b/sftp_server/userauth.c @@ -25,6 +25,7 @@ MA 02111-1307, USA. */ //#include <libssh/sftp.h> #include <security/pam_appl.h> #include <pwd.h> +#include <errno.h> #include <string.h> #include "server.h" @@ -71,8 +72,10 @@ int postauth_conf(char *user){ root=user_chroot(user); if(root){ if((ptr=strstr(root,"$HOME"))){ - if(!pw) + if(!pw){ + ssh_say(1,"Postauth failed : no home directory for user %s\n",user); return -1; // this user has no user directory + } *ptr=0; snprintf(buffer,sizeof(buffer),"%s%s/%s", root,pw->pw_dir,ptr+strlen("$HOME")); @@ -83,18 +86,23 @@ int postauth_conf(char *user){ /* we don't chroot right now because we still need getpwnam() */ char_uid=user_uid(user); if(!char_uid){ - if(!pw) + if(!pw){ + ssh_say(1,"postauth failed : user %s doesn't exist(try to set the uid setting)\n",user); return -1; // user doesn't exist ! + } char_uid=user; } uid=atoi(char_uid); if(uid==0 && char_uid[0]!=0){ pw=getpwnam(char_uid); - if(!pw) + if(!pw){ + ssh_say(1,"postauth failed : user %s does not exist\n",char_uid); return -1; + } uid=pw->pw_uid; } if(root && chroot(buffer)){ + ssh_say(1,"Postauth failed : chroot failed (%s)\n",strerror(errno)); return -1; // cannot chroot } if(root){ @@ -106,13 +114,13 @@ int postauth_conf(char *user){ chdir("/"); } if(setuid(uid)){ + ssh_say(1,"Postauth failed : cannot set uid (%)\n",strerror(errno)); return -1; // cannot setuid } return 0; } - - + struct pam_conv pam_conv ={ password_conv, NULL }; /* returns 1 if authenticated, 0 if failed, -1 if you must leave */ @@ -136,6 +144,7 @@ int auth_password(char *user, char *password){ return -1; return 1; } else { + ssh_say(1,"password auth failed for user %s\n",user); pam_end(pamh,PAM_AUTH_ERR); return 0; } |
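Review bot: The message added on the setuid() failure path in postauth_conf() uses the conversion `(%)`, which is not a valid specifier, although a `strerror(errno)` argument is passed. Assuming ssh_say() formats like printf, as the other new calls suggest, the behaviour is undefined and the error text is lost exactly when the privilege drop fails. It should read `ssh_say(1,"Postauth failed : cannot set uid (%s)\n",strerror(errno));`. Separately, the visible lines change only the uid; unless setgid()/setgroups() are called in a part of the function outside these hunks, the session keeps the server's group ids after the drop, which deserves a check here.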
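Review bot: The new `ssh_say(1,"password auth failed for user %s\n",user);` in auth_password() writes a client-supplied, still unauthenticated name verbatim. Depending on where ssh_say() sends its output (not visible here), embedded newlines or control bytes could forge extra log lines or reach a terminal. I would escape non-printable bytes before logging and put a comment at the call such as `/* user is client-controlled: log only after escaping non-printable bytes */`. Recording the peer address in the same message would also make repeated failures easier to correlate for detection. auth_password() starts and ends outside this hunk.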