author | Aris Adamantiadis <aris@0xbadc0de.be> | 2005-08-29 00:55:27 +0000 |
---|---|---|
committer | Aris Adamantiadis <aris@0xbadc0de.be> | 2005-08-29 00:55:27 +0000 |
commit | b81c66ee8f785d56eea7ebf3c8d741704c4f2b1b (patch) | |
tree | 2adfa966f2b303b4adebae2d5727096b31036c0d | |
parent | 0de0dca16d1caf6c712fb4b50d4ff7c7e25d5129 (diff) | |
pam samples files to put into /etc/pam.d
ssh_silent_disconnect() and server forking. I still have to add a -D command-line option to avoid the forking.
password auth works, but there is no uid change yet. I still have to make the server actually respect its configuration (keys, ports, users, ...).
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@23 7dcaeef0-15fb-0310-b436-a5af3365683c
-rw-r--r-- | include/libssh/libssh.h | 1 | ||||
-rw-r--r-- | include/libssh/server.h | 2 | ||||
-rw-r--r-- | libssh/server.c | 8 | ||||
-rw-r--r-- | libssh/session.c | 6 | ||||
-rw-r--r-- | sftp_server/main.c | 18 | ||||
-rw-r--r-- | sftp_server/pam/sftp.pam.freebsd | 5 | ||||
-rw-r--r-- | sftp_server/pam/sftp.pam.generic | 8 | ||||
-rw-r--r-- | sftp_server/pam/sftp.pam.gentoo | 6 |
8 files changed, 49 insertions, 5 deletions
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index 8f1b21b..9246aff 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -110,6 +110,7 @@ void ssh_set_verbosity(int num);
 SSH_SESSION *ssh_new();
 void ssh_set_options(SSH_SESSION *session, SSH_OPTIONS *options);
 int ssh_get_fd(SSH_SESSION *session);
+void ssh_silent_disconnect(SSH_SESSION *session);
 /* client.c */
 int ssh_connect(SSH_SESSION *session);
diff --git a/include/libssh/server.h b/include/libssh/server.h
index 4b8a0f8..6070f72 100644
--- a/include/libssh/server.h
+++ b/include/libssh/server.h
@@ -42,7 +42,7 @@ void ssh_bind_set_blocking(SSH_BIND *ssh_bind,int blocking);
 int ssh_bind_get_fd(SSH_BIND *ssh_bind);
 int ssh_bind_set_toaccept(SSH_BIND *ssh_bind);
 SSH_SESSION *ssh_bind_accept(SSH_BIND *ssh_bind);
-
+void ssh_bind_free(SSH_BIND *ssh_bind);
 int ssh_accept(SSH_SESSION *session);
 /* messages.c */
diff --git a/libssh/server.c b/libssh/server.c
index a2d9d48..066760f 100644
--- a/libssh/server.c
+++ b/libssh/server.c
@@ -151,6 +151,14 @@ SSH_SESSION *ssh_bind_accept(SSH_BIND *ssh_bind){
 session->rsa_key=rsa;
 return session;
 }
+
+void ssh_bind_free(SSH_BIND *ssh_bind){
+ if(ssh_bind->bindfd>=0)
+ close(ssh_bind->bindfd);
+ ssh_bind->bindfd=-1;
+ free(ssh_bind);
+}
+
 extern char *supported_methods[];
 int server_set_kex(SSH_SESSION * session) {
diff --git a/libssh/session.c b/libssh/session.c
index 731446d..1a0f25c 100644
--- a/libssh/session.c
+++ b/libssh/session.c
@@ -81,6 +81,12 @@ void ssh_cleanup(SSH_SESSION *session){
 free(session);
 }
+void ssh_silent_disconnect(SSH_SESSION *session){
+ close(session->fd);
+ session->alive=0;
+ ssh_disconnect(session);
+}
+
 void ssh_set_options(SSH_SESSION *session, SSH_OPTIONS *options){
 session->options=options;
 }
diff --git a/sftp_server/main.c b/sftp_server/main.c
index c7e8c86..7b276d2 100644
--- a/sftp_server/main.c
+++ b/sftp_server/main.c
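Review bot: `ssh_bind_free()` in libssh/server.c dereferences `ssh_bind` without a NULL check, so `ssh_bind_free(NULL)` crashes where `free(NULL)` would be a no-op; a guard `if(!ssh_bind) return;` as the first statement would match that convention. Only `bindfd` is released before `free(ssh_bind)`; whether SSH_BIND owns other allocations is not visible in this hunk, so a short comment above the function stating what the caller still has to release would help.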
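Review bot: `ssh_silent_disconnect()` in libssh/session.c closes `session->fd` but leaves the stale descriptor number in the struct before calling `ssh_disconnect(session)`. If ssh_disconnect() writes to or closes `session->fd` (its body is outside this hunk), it acts on a closed descriptor, or on an unrelated one if the number has been reused in the meantime. Adding `session->fd=-1;` right after the `close()` would rule that out. A one-line comment saying the function drops the local copy of the connection without notifying the peer would also make the intent explicit.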
@@ -33,6 +33,7 @@ MA 02111-1307, USA. */
 #include <errno.h>
 #include <fcntl.h>
 #include <stdio.h>
+#include <signal.h>
 #include <security/pam_appl.h>
 #include "server.h"
@@ -546,11 +547,20 @@ int main(int argc, char **argv){
 printf("Error listening to socket: %s\n",ssh_get_error(ssh_bind));
 return 1;
 }
- session=ssh_bind_accept(ssh_bind);
- if(!session){
- printf("error accepting a connection : %s\n",ssh_get_error(ssh_bind));
- return 1;
+ signal(SIGCHLD,SIG_IGN);
+ while(1){
+ session=ssh_bind_accept(ssh_bind);
+ if(!session){
+ printf("error accepting a connection : %s\n",ssh_get_error(ssh_bind));
+ return 1;
+ }
+ if(fork()==0){
+ break;
+ }
+ ssh_silent_disconnect(session);
 }
+ ssh_bind_free(ssh_bind);
+
 printf("Socket connected : %d\n",ssh_get_fd(session));
 if(ssh_accept(session)){
 printf("ssh_accept : %s\n",ssh_get_error(session));
diff --git a/sftp_server/pam/sftp.pam.freebsd b/sftp_server/pam/sftp.pam.freebsd
new file mode 100644
index 0000000..72d27bd
--- /dev/null
+++ b/sftp_server/pam/sftp.pam.freebsd
@@ -0,0 +1,5 @@
+sftp auth required pam_unix.so try_first_pass
+sftp account required pam_unix.so
+sftp password required pam_permit.so
+sftp session required pam_permit.so
+
diff --git a/sftp_server/pam/sftp.pam.generic b/sftp_server/pam/sftp.pam.generic
new file mode 100644
index 0000000..cf5af30
--- /dev/null
+++ b/sftp_server/pam/sftp.pam.generic
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth required /lib/security/pam_unix.so shadow nodelay
+auth required /lib/security/pam_nologin.so
+account required /lib/security/pam_unix.so
+password required /lib/security/pam_cracklib.so
+password required /lib/security/pam_unix.so shadow nullok use_authtok
+session required /lib/security/pam_unix.so
+session required /lib/security/pam_limits.so
diff --git a/sftp_server/pam/sftp.pam.gentoo b/sftp_server/pam/sftp.pam.gentoo
new file mode 100644
index 0000000..b135c44
--- /dev/null
+++ b/sftp_server/pam/sftp.pam.gentoo
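Review bot: The result of `fork()` in the new accept loop of sftp_server/main.c is only compared with 0, so a failed fork (-1) falls through to `ssh_silent_disconnect(session)` with no log line. The child also inherits the `SIG_IGN` disposition for SIGCHLD set just above the loop. With SIGCHLD ignored, `waitpid()` in the child reports ECHILD, which can break any code there that runs a helper process and waits for it (some PAM modules do; whether that applies here is not visible). Nothing in the loop bounds the number of unauthenticated children, and a failed `ssh_bind_accept()` still does `return 1`, so one bad accept stops the listener; a child cap and a decision on which accept errors are fatal would be worth adding. main() starts and ends outside the hunk.

```c
signal(SIGCHLD,SIG_IGN);
while(1){
    pid_t pid;
    /* … unchanged: ssh_bind_accept() and its error check … */
    pid=fork();
    if(pid==0){
        /* SIG_IGN is inherited across fork(); restore the default so
         * waitpid() works for helpers started in the child */
        signal(SIGCHLD,SIG_DFL);
        break;
    }
    if(pid<0)
        perror("fork");
    /* parent (or failed fork): drop our copy of the connection */
    ssh_silent_disconnect(session);
}
/* … unchanged: ssh_bind_free() and the ssh_accept() path … */
```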
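Review bot: Every line of sftp.pam.freebsd starts with the service name `sftp`, which is the /etc/pam.conf layout. Files under /etc/pam.d, where the commit message says these samples go, normally start with the facility, so the policy may fail to load or be ignored as written. Either drop the first column, e.g. `auth required pam_unix.so try_first_pass`, or add a comment line saying the file is meant to be merged into /etc/pam.conf.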
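Review bot: The first `auth` line of sftp.pam.generic passes `nodelay` to pam_unix, which turns off the pause after a failed authentication. On a network-facing service that makes online password guessing cheaper, so I would drop the option: `auth required /lib/security/pam_unix.so shadow`. The `nullok` on the `password` stack and the absolute `/lib/security/` paths, which do not match every distribution layout, deserve a comment line in the sample saying they must be reviewed before installation.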
@@ -0,0 +1,6 @@
+#%PAM-1.0
+
+auth include system-auth
+account include system-auth
+password include system-auth
+ |
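Review bot: sftp.pam.gentoo defines `auth`, `account` and `password` but no `session` stack, unlike the other two samples in this commit. If the server opens a PAM session (not visible in this diff), the lookup for that facility falls through to the system's default policy, which is often deny. Adding `session include system-auth` would keep the three samples consistent.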