From 8963144850a17aa961b53ad3b036eb71b628d111 Mon Sep 17 00:00:00 2001
From: Aris Adamantiadis
Date: Wed, 31 Aug 2005 00:00:36 +0000
Subject: server goes into backgroup server accepts command line arguments server write comments into the configuration file.
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@31 7dcaeef0-15fb-0310-b436-a5af3365683c
---
 sftp_server/main.c | 44 +++++++++++++++++++++++++++++++++++---------
 sftp_server/mercurius.conf | 31 ++++++++++++++++++++++++++-----
 sftp_server/userauth.c | 19 ++++++++++++++-----
 3 files changed, 75 insertions(+), 19 deletions(-)
diff --git a/sftp_server/main.c b/sftp_server/main.c
index 163ab758..b9811f9c 100644
--- a/sftp_server/main.c
+++ b/sftp_server/main.c
@@ -70,6 +70,10 @@ CHANNEL *recv_channel(SSH_SESSION *session){
 return chan;
 }
+void usage(char *prog){
+ fprintf(stderr,"Usage : %s [-vD] [-f config]\n",prog);
+}
+
 int main(int argc, char **argv){
 SSH_OPTIONS *options=ssh_options_new();
 SSH_SESSION *session;
@@ -77,11 +81,27 @@ int main(int argc, char **argv){ CHANNEL *chan=NULL; SFTP_SESSION *sftp=NULL; int ret; + int donotfork=0; + char *config="mercurius.conf"; ssh_options_getopt(options,&argc,argv); - if(argc>1) - ret=parse_config(argv[1]); - else - ret=parse_config("mercurius.conf"); + while((ret=getopt(argc, argv, "Df:"))!=-1){ + switch(ret){ + case 'D': + donotfork=1; + break; + case 'f': + config=strdup(optarg); + break; + case '?': + usage(argv[0]); + exit(1); + } + } + if(optind user root, admin, webmaster user aris + +#they are virtual users using the uid of the user "ftp" +#they don't need a password and their home dir is +#chrooted to /home/ftp user ftp, anonymous, anon uid ftp nopassword chroot /home/ftp + +#the users group log in normaly but are restricted to +#their own home dir. +#here, aris is both in wheel group : he has the properties +#of wheel users and "users" users. +#BUT he cannot have two conflicting properties. user test user aris chroot $HOME/ + +#everybody should be in world, at your convenance. + +#it is no problem to have different users with different +#properties in the same group, as far as the group +#doesn't define new conflicting properties group wheel, anonymous, users - - list world - read world - write wheel - + +#not implemented yet +# +# list world +# read world +# write wheel +# diff --git a/sftp_server/userauth.c b/sftp_server/userauth.c index 37bdc04a..b5a6055d 100644 --- a/sftp_server/userauth.c +++ b/sftp_server/userauth.c @@ -25,6 +25,7 @@ MA 02111-1307, USA. */ //#include #include #include +#include #include #include "server.h" @@ -71,8 +72,10 @@ int postauth_conf(char *user){ root=user_chroot(user); if(root){ if((ptr=strstr(root,"$HOME"))){ - if(!pw) + if(!pw){ + ssh_say(1,"Postauth failed : no home directory for user %s\n",user); return -1; // this user has no user directory + } *ptr=0; snprintf(buffer,sizeof(buffer),"%s%s/%s", root,pw->pw_dir,ptr+strlen("$HOME")); 
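Review bot: In the userauth.c hunk at -71,8, the `snprintf` that expands `$HOME` into `buffer` is never checked for truncation, so an over-long `root` plus `pw->pw_dir` produces a shortened path that the next hunk passes to `chroot(buffer)`, which may then confine the session to a different and broader directory than the one configured. Since this commit is adding failure logging to postauth_conf anyway, capture the result and reject it: `n=snprintf(buffer,sizeof(buffer),"%s%s/%s",root,pw->pw_dir,ptr+strlen("$HOME"));` followed by `if(n<0 || (size_t)n>=sizeof(buffer)){ ssh_say(1,"Postauth failed : chroot path too long\n"); return -1; }`, with `int n` declared at the top of the function. Separately, `*ptr=0` writes into the string returned by `user_chroot()`; if that is the stored configuration value rather than a copy (not visible on this page), the `$HOME` marker is gone for any later call. postauth_conf starts before this hunk and continues past it.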
@@ -83,18 +86,23 @@ int postauth_conf(char *user){
 /* we don't chroot right now because we still need getpwnam() */
 char_uid=user_uid(user);
 if(!char_uid){
- if(!pw)
+ if(!pw){
+ ssh_say(1,"postauth failed : user %s doesn't exist(try to set the uid setting)\n",user);
 return -1; // user doesn't exist !
+ }
 char_uid=user;
 }
 uid=atoi(char_uid);
 if(uid==0 && char_uid[0]!=0){
 pw=getpwnam(char_uid);
- if(!pw)
+ if(!pw){
+ ssh_say(1,"postauth failed : user %s does not exist\n",char_uid);
 return -1;
+ }
 uid=pw->pw_uid;
 }
 if(root && chroot(buffer)){
+ ssh_say(1,"Postauth failed : chroot failed (%s)\n",strerror(errno));
 return -1; // cannot chroot
 }
 if(root){
@@ -106,13 +114,13 @@ int postauth_conf(char *user){
 chdir("/");
 }
 if(setuid(uid)){
+ ssh_say(1,"Postauth failed : cannot set uid (%)\n",strerror(errno));
 return -1; // cannot setuid
 }
 return 0;
 }
-
-
+
 struct pam_conv pam_conv ={ password_conv, NULL };
 /* returns 1 if authenticated, 0 if failed, -1 if you must leave */
@@ -136,6 +144,7 @@ int auth_password(char *user, char *password){
 return -1;
 return 1;
 } else {
+ ssh_say(1,"password auth failed for user %s\n",user);
 pam_end(pamh,PAM_AUTH_ERR);
 return 0;
 }
-- cgit
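Review bot: `uid=atoi(char_uid)` in the -83,18 hunk decides which identity the session gets, yet it accepts any leading-digit prefix and reports no errors. A uid setting or login name such as `1000x` is silently taken as uid 1000 without any `getpwnam` lookup, and an empty string passes the `char_uid[0]!=0` test's else path with uid 0. Whether `user_uid()` can return such values is not visible on this page, but the new log messages give a natural place to reject them. I would parse with `strtol`, require the whole string to be a positive number, and otherwise fall back to the name lookup; this needs `char *end; long num;` declared at the top of postauth_conf (outside the hunk), and `num` should also be bounded to the range of the uid type.

```c
/* … unchanged: char_uid lookup and the !pw check … */
errno=0;
num=strtol(char_uid,&end,10);
if(end==char_uid || *end!=0 || errno!=0 || num<=0){
    /* not a plain positive number: treat it as an account name */
    pw=getpwnam(char_uid);
    if(!pw){
        ssh_say(1,"postauth failed : user %s does not exist\n",char_uid);
        return -1;
    }
    uid=pw->pw_uid;
} else {
    uid=num;
}
/* … unchanged: chroot and chdir … */
```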
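Review bot: The format string in the new setuid failure message in the -106,13 hunk is malformed: `(%)` is not a valid conversion, so if `ssh_say` is printf-style (as its other uses here suggest) the call has undefined behaviour and the `strerror(errno)` argument is never printed. It should read `ssh_say(1,"Postauth failed : cannot set uid (%s)\n",strerror(errno));`. No `setgid()` or `initgroups()` call is visible between `chroot` and `setuid` in these hunks; if the unseen lines have none either, the session keeps the server's group memberships after the uid is dropped. The return value of `chdir("/")` just above is also ignored.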
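Review bot: The added `ssh_say` in auth_password (the -136,6 hunk) prints `user` exactly as the client sent it, before authentication has succeeded, so newlines or control bytes in the login name can corrupt or forge entries wherever `ssh_say` writes (its destination is not shown on this page). The same applies to the `user` arguments logged in the postauth_conf hunks of this commit. Escaping non-printable bytes before logging would close this, and a comment such as `/* user is client-supplied: escape before logging */` at the call would flag it for later maintainers. Failed-login names sometimes contain mistyped passwords, so the resulting log should have restricted read permissions. auth_password starts before this hunk and ends after it.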