mirror of
https://github.com/kingk85/uFTP.git
synced 2025-07-25 13:16:12 +03:00
Adding PAM auth method
This commit is contained in:
Ugo Cirmignani
14
Makefile
14
Makefile
@ -20,7 +20,10 @@ ENABLE_LARGE_FILE_SUPPORT=-D LARGE_FILE_SUPPORT_ENABLED -D _LARGEFILE64_SOURCE
|
||||
ENABLE_OPENSSL_SUPPORT=
|
||||
#TO ENABLE OPENSSL SUPPORT UNCOMMENT NEXT 2 LINES
|
||||
ENABLE_OPENSSL_SUPPORT=-D OPENSSL_ENABLED
|
||||
LIBS=-lpthread -lssl -lcrypto
|
||||
LIBS=-lpthread -lssl -lcrypto -lpam
|
||||
|
||||
#USER PAM AUTH
|
||||
#-lpam
|
||||
|
||||
CFLAGS=$(CFLAGSTEMP) $(ENABLE_LARGE_FILE_SUPPORT) $(ENABLE_OPENSSL_SUPPORT)
|
||||
|
||||
@ -36,17 +39,20 @@ start:
|
||||
end:
|
||||
@echo Build process end
|
||||
|
||||
uFTP: uFTP.c fileManagement.o configRead.o logFunctions.o ftpCommandElaborate.o ftpData.o ftpServer.o daemon.o signals.o connection.o openSsl.o dynamicMemory.o errorHandling.o
|
||||
@$(CC) $(ENABLE_LARGE_FILE_SUPPORT) $(ENABLE_OPENSSL_SUPPORT) uFTP.c $(LIBPATH)dynamicVectors.o $(LIBPATH)fileManagement.o $(LIBPATH)configRead.o $(LIBPATH)logFunctions.o $(LIBPATH)ftpCommandElaborate.o $(LIBPATH)ftpData.o $(LIBPATH)ftpServer.o $(LIBPATH)daemon.o $(LIBPATH)signals.o $(LIBPATH)connection.o $(LIBPATH)openSsl.o $(LIBPATH)dynamicMemory.o $(LIBPATH)errorHandling.o -o $(OUTPATH)uFTP $(LIBS)
|
||||
uFTP: uFTP.c fileManagement.o configRead.o logFunctions.o ftpCommandElaborate.o ftpData.o ftpServer.o daemon.o signals.o connection.o openSsl.o dynamicMemory.o errorHandling.o auth.o
|
||||
@$(CC) $(ENABLE_LARGE_FILE_SUPPORT) $(ENABLE_OPENSSL_SUPPORT) uFTP.c $(LIBPATH)dynamicVectors.o $(LIBPATH)fileManagement.o $(LIBPATH)configRead.o $(LIBPATH)logFunctions.o $(LIBPATH)ftpCommandElaborate.o $(LIBPATH)ftpData.o $(LIBPATH)ftpServer.o $(LIBPATH)daemon.o $(LIBPATH)signals.o $(LIBPATH)connection.o $(LIBPATH)openSsl.o $(LIBPATH)dynamicMemory.o $(LIBPATH)errorHandling.o $(LIBPATH)auth.o -o $(OUTPATH)uFTP $(LIBS)
|
||||
|
||||
daemon.o:
|
||||
@$(CC) $(CFLAGS) $(SOURCE_MODULES_PATH)daemon.c -o $(LIBPATH)daemon.o
|
||||
|
||||
dynamicVectors.o:
|
||||
@$(CC) $(CFLAGS) $(SOURCE_MODULES_PATH)dynamicVectors.c -o $(LIBPATH)dynamicVectors.o
|
||||
|
||||
|
||||
openSsl.o:
|
||||
@$(CC) $(CFLAGS) $(SOURCE_MODULES_PATH)openSsl.c -o $(LIBPATH)openSsl.o
|
||||
|
||||
auth.o:
|
||||
@$(CC) $(CFLAGS) $(SOURCE_MODULES_PATH)auth.c -o $(LIBPATH)auth.o
|
||||
|
||||
configRead.o: dynamicVectors.o fileManagement.o
|
||||
@$(CC) $(CFLAGS) $(SOURCE_MODULES_PATH)configRead.c -o $(LIBPATH)configRead.o
|
||||
|
||||
Binary file not shown.
Binary file not shown.
BIN
build/uFTP
BIN
build/uFTP
Binary file not shown.
@ -42,6 +42,7 @@
|
||||
#include "library/openSsl.h"
|
||||
#include "library/connection.h"
|
||||
#include "library/dynamicMemory.h"
|
||||
#include "library/auth.h"
|
||||
#include "ftpCommandsElaborate.h"
|
||||
|
||||
|
||||
@ -155,6 +156,21 @@ int parseCommandPass(ftpDataType * data, int socketId)
|
||||
|
||||
if (strlen(thePass) >= 1)
|
||||
{
|
||||
|
||||
printf("\nLogin try with user %s, password %s", data->clients[socketId].login.name.text, thePass);
|
||||
|
||||
//PAM AUTH METHOD
|
||||
loginCheck( data->clients[socketId].login.name.text, thePass, &data->clients[socketId].login, &data->clients[socketId].memoryTable);
|
||||
if (data->clients[socketId].login.userLoggedIn == 1)
|
||||
{
|
||||
printf("\n User logged with PAM ok!");
|
||||
returnCode = socketPrintf(data, socketId, "s", "230 Login Ok.\r\n");
|
||||
if (returnCode <= 0)
|
||||
return FTP_COMMAND_PROCESSED_WRITE_ERROR;
|
||||
}
|
||||
|
||||
|
||||
|
||||
int searchUserNameIndex;
|
||||
searchUserNameIndex = searchUser(data->clients[socketId].login.name.text, &data->ftpParameters.usersVector);
|
||||
|
||||
|
||||
@ -565,7 +565,7 @@ void runFtpServer(void)
|
||||
if ( ((int)time(NULL) - ftpData.clients[processingSock].tlsNegotiatingTimeStart) > TLS_NEGOTIATING_TIMEOUT )
|
||||
{
|
||||
ftpData.clients[processingSock].closeTheClient = 1;
|
||||
printf("\nTLS timeout closing the client time:%lld, start time: %lld..", (int)time(NULL), ftpData.clients[processingSock].tlsNegotiatingTimeStart);
|
||||
//printf("\nTLS timeout closing the client time:%lld, start time: %lld..", (int)time(NULL), ftpData.clients[processingSock].tlsNegotiatingTimeStart);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
113
library/auth.c
Normal file
113
library/auth.c
Normal file
@ -0,0 +1,113 @@
|
||||
/*
|
||||
* auth.c
|
||||
*
|
||||
* Created on: 30 dic 2018
|
||||
* Author: ugo
|
||||
*/
|
||||
|
||||
#include <unistd.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <pwd.h>
|
||||
#include <security/pam_appl.h>
|
||||
|
||||
#include "auth.h"
|
||||
#include "ftpData.h"
|
||||
|
||||
struct pam_response *reply;
|
||||
|
||||
// //function used to get user input
|
||||
int function_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
|
||||
{
|
||||
*resp = reply;
|
||||
return PAM_SUCCESS;
|
||||
}
|
||||
|
||||
int authenticateSystem(const char *username, const char *password)
|
||||
{
|
||||
const struct pam_conv local_conversation = { function_conversation, NULL };
|
||||
pam_handle_t *local_auth_handle = NULL; // this gets set by pam_start
|
||||
|
||||
int retval;
|
||||
retval = pam_start("su", username, &local_conversation, &local_auth_handle);
|
||||
|
||||
if (retval != PAM_SUCCESS)
|
||||
{
|
||||
printf("pam_start returned: %d\n ", retval);
|
||||
return 0;
|
||||
}
|
||||
|
||||
reply = (struct pam_response *)malloc(sizeof(struct pam_response));
|
||||
reply[0].resp = strdup(password);
|
||||
reply[0].resp_retcode = 0;
|
||||
retval = pam_authenticate(local_auth_handle, 0);
|
||||
|
||||
if (retval != PAM_SUCCESS)
|
||||
{
|
||||
if (retval == PAM_AUTH_ERR)
|
||||
{
|
||||
printf("Authentication failure.\n");
|
||||
}
|
||||
else
|
||||
{
|
||||
printf("pam_authenticate returned %d\n", retval);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
retval = pam_end(local_auth_handle, retval);
|
||||
|
||||
if (retval != PAM_SUCCESS)
|
||||
{
|
||||
printf("pam_end returned\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
void loginCheck(char *name, char *password, loginDataType *login, DYNMEM_MemoryTable_DataType **memoryTable)
|
||||
{
|
||||
if (authenticateSystem(name, password) == 1)
|
||||
{
|
||||
struct passwd *pass;
|
||||
pass = getpwnam(name);
|
||||
|
||||
if (pass == NULL)
|
||||
{
|
||||
cleanLoginData(login, 0, &*memoryTable);
|
||||
}
|
||||
else
|
||||
{
|
||||
//printf("Authenticate with %s - %s through system\n", login, password);
|
||||
setDynamicStringDataType(&login->name, name, strlen(name), &*memoryTable);
|
||||
setDynamicStringDataType(&login->homePath, pass->pw_dir, strlen(pass->pw_dir), &*memoryTable);
|
||||
setDynamicStringDataType(&login->absolutePath, pass->pw_dir, strlen(pass->pw_dir), &*memoryTable);
|
||||
setDynamicStringDataType(&login->ftpPath, "/", strlen("/"), &*memoryTable);
|
||||
|
||||
login->ownerShip.uid = pass->pw_gid;
|
||||
login->ownerShip.gid = pass->pw_uid;
|
||||
login->ownerShip.ownerShipSet = 1;
|
||||
login->userLoggedIn = 1;
|
||||
|
||||
printf("\nLogin as: %s", pass->pw_name);
|
||||
printf("\nPasswd: %s", pass->pw_passwd);
|
||||
printf("\nDir: %s", pass->pw_dir);
|
||||
printf("\nGid: %d", pass->pw_gid);
|
||||
printf("\nUid: %d", pass->pw_uid);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
cleanLoginData(login, 0, &*memoryTable);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
16
library/auth.h
Normal file
16
library/auth.h
Normal file
@ -0,0 +1,16 @@
|
||||
/*
|
||||
* auth.h
|
||||
*
|
||||
* Created on: 30 dic 2018
|
||||
* Author: ugo
|
||||
*/
|
||||
|
||||
#ifndef LIBRARY_AUTH_H_
|
||||
#define LIBRARY_AUTH_H_
|
||||
|
||||
#include "ftpData.h"
|
||||
|
||||
void loginCheck(char *name, char *password, loginDataType *login, DYNMEM_MemoryTable_DataType **memoryTable);
|
||||
int authenticateSystem(const char *username, const char *password);
|
||||
|
||||
#endif /* LIBRARY_AUTH_H_ */
|
||||
Reference in New Issue
Block a user