-rw-r--r-- | include/libssh/libssh.h | 1 | ||||
-rw-r--r-- | include/libssh/server.h | 2 | ||||
-rw-r--r-- | libssh/server.c | 8 | ||||
-rw-r--r-- | libssh/session.c | 6 | ||||
-rw-r--r-- | sftp_server/main.c | 18 | ||||
-rw-r--r-- | sftp_server/pam/sftp.pam.freebsd | 5 | ||||
-rw-r--r-- | sftp_server/pam/sftp.pam.generic | 8 | ||||
-rw-r--r-- | sftp_server/pam/sftp.pam.gentoo | 6 |
8 files changed, 49 insertions, 5 deletions
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index 8f1b21b..9246aff 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -110,6 +110,7 @@ void ssh_set_verbosity(int num);
 SSH_SESSION *ssh_new();
 void ssh_set_options(SSH_SESSION *session, SSH_OPTIONS *options);
 int ssh_get_fd(SSH_SESSION *session);
+void ssh_silent_disconnect(SSH_SESSION *session);
 /* client.c */
 int ssh_connect(SSH_SESSION *session);
diff --git a/include/libssh/server.h b/include/libssh/server.h
index 4b8a0f8..6070f72 100644
--- a/include/libssh/server.h
+++ b/include/libssh/server.h
@@ -42,7 +42,7 @@ void ssh_bind_set_blocking(SSH_BIND *ssh_bind,int blocking);
 int ssh_bind_get_fd(SSH_BIND *ssh_bind);
 int ssh_bind_set_toaccept(SSH_BIND *ssh_bind);
 SSH_SESSION *ssh_bind_accept(SSH_BIND *ssh_bind);
-
+void ssh_bind_free(SSH_BIND *ssh_bind);
 int ssh_accept(SSH_SESSION *session);
 /* messages.c */
diff --git a/libssh/server.c b/libssh/server.c
index a2d9d48..066760f 100644
--- a/libssh/server.c
+++ b/libssh/server.c
@@ -151,6 +151,14 @@ SSH_SESSION *ssh_bind_accept(SSH_BIND *ssh_bind){
 session->rsa_key=rsa;
 return session;
 }
+
+void ssh_bind_free(SSH_BIND *ssh_bind){
+ if(ssh_bind->bindfd>=0)
+ close(ssh_bind->bindfd);
+ ssh_bind->bindfd=-1;
+ free(ssh_bind);
+}
+
 extern char *supported_methods[];
 int server_set_kex(SSH_SESSION * session) {
diff --git a/libssh/session.c b/libssh/session.c
index 731446d..1a0f25c 100644
--- a/libssh/session.c
+++ b/libssh/session.c
@@ -81,6 +81,12 @@ void ssh_cleanup(SSH_SESSION *session){
 free(session);
 }
+void ssh_silent_disconnect(SSH_SESSION *session){
+ close(session->fd);
+ session->alive=0;
+ ssh_disconnect(session);
+}
+
 void ssh_set_options(SSH_SESSION *session, SSH_OPTIONS *options){
 session->options=options;
 }
diff --git a/sftp_server/main.c b/sftp_server/main.c
index c7e8c86..7b276d2 100644
--- a/sftp_server/main.c
+++ b/sftp_server/main.c
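Review bot: `ssh_bind_free()` in libssh/server.c dereferences `ssh_bind` without a NULL check, so a cleanup path that reaches it after a failed bind setup would crash instead of being a no-op the way `free(NULL)` is; `if(!ssh_bind) return;` as the first statement would make it safe to call unconditionally. Only `bindfd` is released before `free(ssh_bind)`, so if SSH_BIND owns other allocations (its definition is not in this diff) they would leak here, which is worth confirming. A short comment such as `/* closes the listening socket and frees ssh_bind; the pointer is invalid afterwards */` would document the ownership transfer.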
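Review bot: In `ssh_silent_disconnect()` (libssh/session.c) the socket is closed but `session->fd` keeps the old descriptor number, so if `ssh_disconnect()` closes or writes to `session->fd` again (its body is not in this diff) it would act on a stale descriptor that the parent's next accepted connection may already have reused. Adding `session->fd=-1;` right after `close(session->fd);` rules that out. The function also has no comment; something like `/* parent side of a forked server: drop our copy of the connection without notifying the peer */` would state the intent that `session->alive=0` appears to encode.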
@@ -33,6 +33,7 @@ MA 02111-1307, USA. */
 #include <errno.h>
 #include <fcntl.h>
 #include <stdio.h>
+#include <signal.h>
 #include <security/pam_appl.h>
 #include "server.h"
@@ -546,11 +547,20 @@ int main(int argc, char **argv){
 printf("Error listening to socket: %s\n",ssh_get_error(ssh_bind));
 return 1;
 }
- session=ssh_bind_accept(ssh_bind);
- if(!session){
- printf("error accepting a connection : %s\n",ssh_get_error(ssh_bind));
- return 1;
+ signal(SIGCHLD,SIG_IGN);
+ while(1){
+ session=ssh_bind_accept(ssh_bind);
+ if(!session){
+ printf("error accepting a connection : %s\n",ssh_get_error(ssh_bind));
+ return 1;
+ }
+ if(fork()==0){
+ break;
+ }
+ ssh_silent_disconnect(session);
 }
+ ssh_bind_free(ssh_bind);
+
 printf("Socket connected : %d\n",ssh_get_fd(session));
 if(ssh_accept(session)){
 printf("ssh_accept : %s\n",ssh_get_error(session));
diff --git a/sftp_server/pam/sftp.pam.freebsd b/sftp_server/pam/sftp.pam.freebsd
new file mode 100644
index 0000000..72d27bd
--- /dev/null
+++ b/sftp_server/pam/sftp.pam.freebsd
@@ -0,0 +1,5 @@
+sftp auth required pam_unix.so try_first_pass
+sftp account required pam_unix.so
+sftp password required pam_permit.so
+sftp session required pam_permit.so
+
diff --git a/sftp_server/pam/sftp.pam.generic b/sftp_server/pam/sftp.pam.generic
new file mode 100644
index 0000000..cf5af30
--- /dev/null
+++ b/sftp_server/pam/sftp.pam.generic
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth required /lib/security/pam_unix.so shadow nodelay
+auth required /lib/security/pam_nologin.so
+account required /lib/security/pam_unix.so
+password required /lib/security/pam_cracklib.so
+password required /lib/security/pam_unix.so shadow nullok use_authtok
+session required /lib/security/pam_unix.so
+session required /lib/security/pam_limits.so
diff --git a/sftp_server/pam/sftp.pam.gentoo b/sftp_server/pam/sftp.pam.gentoo
new file mode 100644
index 0000000..b135c44
--- /dev/null
+++ b/sftp_server/pam/sftp.pam.gentoo
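Review bot: The accept loop added to `main()` in sftp_server/main.c never checks `fork()` for failure and puts no bound on the number of children, so every unauthenticated TCP connection costs a process and a failed fork just drops the client silently through `ssh_silent_disconnect(session)`. The child also inherits `SIGCHLD` set to `SIG_IGN`; PAM modules that run a helper process and wait for it can then see the wait fail, so the child should restore `SIG_DFL` before authenticating (inferred from the `security/pam_appl.h` include, the PAM calls themselves are outside the hunk). Separately, `return 1` after a failed `ssh_bind_accept()` now stops the whole server on a single bad accept, where logging and `continue` would be more resilient. `main()` starts and ends outside this hunk.

```c
    while(1){
        /* … unchanged: ssh_bind_accept() and its error check … */
        pid_t pid=fork();
        if(pid==0){
            /* child: PAM helpers must be waitable again */
            signal(SIGCHLD,SIG_DFL);
            break;
        }
        if(pid<0)
            perror("fork");
        ssh_silent_disconnect(session);
    }
```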
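Review bot: The `nodelay` option on the first `auth` line of sftp.pam.generic turns off pam_unix's delay after a failed authentication, which makes online password guessing against this service faster, and the forking accept loop added in the same commit shows no throttling of its own. Dropping the option, `auth required /lib/security/pam_unix.so shadow`, keeps the default delay. The absolute `/lib/security/` paths also will not resolve on systems that install PAM modules elsewhere; bare module names, as used in sftp.pam.freebsd, avoid that.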
@@ -0,0 +1,6 @@
+#%PAM-1.0
+
+auth include system-auth
+account include system-auth
+password include system-auth
+
|
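Review bot: sftp.pam.gentoo defines no `session` stack, unlike the freebsd and generic variants in this commit, so if the server opens a PAM session (not visible in this diff) that request would be decided by the system's fallback `other` policy rather than by this file. Adding `session include system-auth` would make the three variants behave consistently.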