Diffstat (limited to 'sftp_server')
-rw-r--r--sftp_server/main.c44
-rw-r--r--sftp_server/mercurius.conf31
-rw-r--r--sftp_server/userauth.c19
3 files changed, 75 insertions, 19 deletions
diff --git a/sftp_server/main.c b/sftp_server/main.c
index 163ab758..b9811f9c 100644
--- a/sftp_server/main.c
+++ b/sftp_server/main.c
@@ -70,6 +70,10 @@ CHANNEL *recv_channel(SSH_SESSION *session){
return chan;
}
+void usage(char *prog){
+ fprintf(stderr,"Usage : %s [-vD] [-f config]\n",prog);
+}
+
int main(int argc, char **argv){
SSH_OPTIONS *options=ssh_options_new();
SSH_SESSION *session;
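Review bot: The new usage() has external linkage and a writable parameter although it only hands prog to fprintf; `static void usage(const char *prog){` keeps it file-local and const-correct, and argv[0] still converts implicitly at the call sites. The usage text advertises -v while the optstring in the next hunk is only "Df:"; presumably ssh_options_getopt() consumes -v beforehand, and if so a one-line comment on the usage text saying that the libssh options are parsed first would save the next reader the same question.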
@@ -77,11 +81,27 @@ int main(int argc, char **argv){
CHANNEL *chan=NULL;
SFTP_SESSION *sftp=NULL;
int ret;
+ int donotfork=0;
+ char *config="mercurius.conf";
ssh_options_getopt(options,&argc,argv);
- if(argc>1)
- ret=parse_config(argv[1]);
- else
- ret=parse_config("mercurius.conf");
+ while((ret=getopt(argc, argv, "Df:"))!=-1){
+ switch(ret){
+ case 'D':
+ donotfork=1;
+ break;
+ case 'f':
+ config=strdup(optarg);
+ break;
+ case '?':
+ usage(argv[0]);
+ exit(1);
+ }
+ }
+ if(optind<argc) {
+ usage(argv[0]);
+ exit(1);
+ }
+ ret=parse_config(config);
if(ret != 0){
printf("Error parsing configuration file\n");
return 1;
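Review bot: In the -f branch `config=strdup(optarg);` is never checked, so on allocation failure config becomes NULL and is passed straight to parse_config(); the copy is also unnecessary because optarg points into argv, which outlives main(), so `config=optarg;` is sufficient and removes the unfreed allocation as well. The switch has no default: label, so any letter later added to the optstring but not to the switch is silently ignored; folding the '?' case into `default: usage(argv[0]); exit(1);` covers both. main() continues outside this hunk.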
@@ -94,7 +114,7 @@ int main(int argc, char **argv){
ssh_options_set_dsa_server_key(options,dsa);
if(rsa)
ssh_options_set_rsa_server_key(options,rsa);
- printf("port : %d\n",port);
+ //printf("port : %d\n",port);
if(port!=0)
ssh_options_set_port(options,port);
ssh_bind=ssh_bind_new();
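Review bot: The port line is turned into commented-out code rather than removed or converted; the later hunks in this file replace the other printf diagnostics with ssh_say(1, ...), so for consistency this should be `ssh_say(1,"port : %d\n",port);` or deleted outright. The same applies to the commented-out "Socket connected" printf further down in this file.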
@@ -104,6 +124,12 @@ int main(int argc, char **argv){
return 1;
}
signal(SIGCHLD,SIG_IGN);
+ if(!donotfork){
+ ssh_say(1,"Going into background...\n");
+ if(fork()){
+ exit(0);
+ }
+ }
while(1){
session=ssh_bind_accept(ssh_bind);
if(!session){
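Review bot: The daemonising block treats every non-zero fork() return as "I am the parent", so when fork() fails with -1 the only process exits with status 0 and the server silently never starts; the return value needs to be tested for failure separately, and the child should also call setsid() so that it is detached from the controlling terminal instead of merely forked. perror() is enough to report the failure since stdio is already in use here, and setsid() comes from the same header as fork(); I cannot see whether main.c already redirects stdio or changes directory after forking, so that part is left as is. main() continues outside this hunk.
```c
if(!donotfork){
    ssh_say(1,"Going into background...\n");
    pid_t pid=fork();
    if(pid<0){
        perror("fork");
        return 1;
    }
    if(pid>0){
        exit(0);
    }
    setsid();
}
/* ... unchanged: accept loop ... */
```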
@@ -117,7 +143,7 @@ int main(int argc, char **argv){
}
ssh_bind_free(ssh_bind);
- printf("Socket connected : %d\n",ssh_get_fd(session));
+ //printf("Socket connected : %d\n",ssh_get_fd(session));
if(ssh_accept(session)){
printf("ssh_accept : %s\n",ssh_get_error(session));
return 1;
@@ -126,7 +152,7 @@ int main(int argc, char **argv){
printf("error : %s\n",ssh_get_error(session));
return 1;
}
- printf("user authenticated\n");
+ ssh_say(1,"user authenticated\n");
chan=recv_channel(session);
if(!chan){
printf("error : %s\n",ssh_get_error(session));
@@ -137,9 +163,9 @@ int main(int argc, char **argv){
printf("error : %s\n",ssh_get_error(session));
return 1;
}
- printf("Sftp session open by client\n");
+ ssh_say(1,"Sftp session open by client\n");
sftploop(session,sftp);
+ ssh_say(1,"Client disconnected\n");
ssh_disconnect(session);
return 0;
}
-
diff --git a/sftp_server/mercurius.conf b/sftp_server/mercurius.conf
index 842c91c9..56c1e644 100644
--- a/sftp_server/mercurius.conf
+++ b/sftp_server/mercurius.conf
@@ -1,26 +1,47 @@
Port 4444
Hostkeyrsa /etc/ssh/ssh_host_rsa_key
Hostkeydsa /etc/ssh/ssh_host_dsa_key
+#the group wheel has 4 users. They are regular
+#users of the system because they are authenticating
+#through the normal way (pam)
<group wheel>
user root, admin, webmaster
user aris
</group>
+
+#they are virtual users using the uid of the user "ftp"
+#they don't need a password and their home dir is
+#chrooted to /home/ftp
<group anonymous>
user ftp, anonymous, anon
uid ftp
nopassword
chroot /home/ftp
</group>
+
+#the users group log in normaly but are restricted to
+#their own home dir.
+#here, aris is both in wheel group : he has the properties
+#of wheel users and "users" users.
+#BUT he cannot have two conflicting properties.
<group users>
user test
user aris
chroot $HOME/
</group>
+
+#everybody should be in world, at your convenance.
+
+#it is no problem to have different users with different
+#properties in the same group, as far as the group
+#doesn't define new conflicting properties
<group world>
group wheel, anonymous, users
</group>
-<dir />
- list world
- read world
- write wheel
-</dir>
+
+#not implemented yet
+#<dir />
+# list world
+# read world
+# write wheel
+#</dir>
diff --git a/sftp_server/userauth.c b/sftp_server/userauth.c
index 37bdc04a..b5a6055d 100644
--- a/sftp_server/userauth.c
+++ b/sftp_server/userauth.c
@@ -25,6 +25,7 @@ MA 02111-1307, USA. */
//#include <libssh/sftp.h>
#include <security/pam_appl.h>
#include <pwd.h>
+#include <errno.h>
#include <string.h>
#include "server.h"
@@ -71,8 +72,10 @@ int postauth_conf(char *user){
root=user_chroot(user);
if(root){
if((ptr=strstr(root,"$HOME"))){
- if(!pw)
+ if(!pw){
+ ssh_say(1,"Postauth failed : no home directory for user %s\n",user);
return -1; // this user has no user directory
+ }
*ptr=0;
snprintf(buffer,sizeof(buffer),"%s%s/%s",
root,pw->pw_dir,ptr+strlen("$HOME"));
@@ -83,18 +86,23 @@ int postauth_conf(char *user){
/* we don't chroot right now because we still need getpwnam() */
char_uid=user_uid(user);
if(!char_uid){
- if(!pw)
+ if(!pw){
+ ssh_say(1,"postauth failed : user %s doesn't exist(try to set the uid setting)\n",user);
return -1; // user doesn't exist !
+ }
char_uid=user;
}
uid=atoi(char_uid);
if(uid==0 && char_uid[0]!=0){
pw=getpwnam(char_uid);
- if(!pw)
+ if(!pw){
+ ssh_say(1,"postauth failed : user %s does not exist\n",char_uid);
return -1;
+ }
uid=pw->pw_uid;
}
if(root && chroot(buffer)){
+ ssh_say(1,"Postauth failed : chroot failed (%s)\n",strerror(errno));
return -1; // cannot chroot
}
if(root){
@@ -106,13 +114,13 @@ int postauth_conf(char *user){
chdir("/");
}
if(setuid(uid)){
+ ssh_say(1,"Postauth failed : cannot set uid (%)\n",strerror(errno));
return -1; // cannot setuid
}
return 0;
}
-
-
+
struct pam_conv pam_conv ={ password_conv, NULL };
/* returns 1 if authenticated, 0 if failed,
-1 if you must leave */
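Review bot: The format string on the new setuid failure line is `"Postauth failed : cannot set uid (%)\n"`; `%)` is not a valid conversion specification, which is undefined behaviour for printf-style formatting and leaves the strerror(errno) argument unconsumed, so the reason for the failure is never printed. It should read `ssh_say(1,"Postauth failed : cannot set uid (%s)\n",strerror(errno));`, matching the chroot message in the previous hunk (assuming ssh_say is printf-like, as all the other added calls treat it). Separately, nothing visible in this hunk changes the group identity before setuid(uid); if postauth_conf(), which starts before this hunk, does not call setgid()/setgroups() earlier, the process keeps its original gid and supplementary groups after the uid switch, which is worth confirming and logging on failure the same way.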
@@ -136,6 +144,7 @@ int auth_password(char *user, char *password){
return -1;
return 1;
} else {
+ ssh_say(1,"password auth failed for user %s\n",user);
pam_end(pamh,PAM_AUTH_ERR);
return 0;
}