diff --git a/Makefile b/Makefile
index 5e715b9..2884605 100644
--- a/Makefile
+++ b/Makefile
@@ -20,7 +20,10 @@ ENABLE_LARGE_FILE_SUPPORT=-D LARGE_FILE_SUPPORT_ENABLED -D _LARGEFILE64_SOURCE
 ENABLE_OPENSSL_SUPPORT=
 #TO ENABLE OPENSSL SUPPORT UNCOMMENT NEXT 2 LINES
 ENABLE_OPENSSL_SUPPORT=-D OPENSSL_ENABLED
-LIBS=-lpthread -lssl -lcrypto
+LIBS=-lpthread -lssl -lcrypto -lpam
+
+#USER PAM AUTH
+#-lpam
 CFLAGS=$(CFLAGSTEMP) $(ENABLE_LARGE_FILE_SUPPORT) $(ENABLE_OPENSSL_SUPPORT)
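Review bot: `-lpam` is appended to `LIBS` unconditionally, so libpam becomes a hard link-time dependency and system-account login is compiled in for every build, while the two added comment lines `#USER PAM AUTH` / `#-lpam` describe a switch that does not exist. Either drop those comments, or keep `-lpam` in a separate variable that is appended to `LIBS` only when PAM login is wanted. In the second case the `auth.h` include and the `loginCheck` call in `ftpCommandElaborate.c` would need a matching compile-time define, in the same way `ENABLE_OPENSSL_SUPPORT` passes `-D OPENSSL_ENABLED`.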
@@ -36,17 +39,20 @@ start:
 end:
 @echo Build process end
-uFTP: uFTP.c fileManagement.o configRead.o logFunctions.o ftpCommandElaborate.o ftpData.o ftpServer.o daemon.o signals.o connection.o openSsl.o dynamicMemory.o errorHandling.o
- @$(CC) $(ENABLE_LARGE_FILE_SUPPORT) $(ENABLE_OPENSSL_SUPPORT) uFTP.c $(LIBPATH)dynamicVectors.o $(LIBPATH)fileManagement.o $(LIBPATH)configRead.o $(LIBPATH)logFunctions.o $(LIBPATH)ftpCommandElaborate.o $(LIBPATH)ftpData.o $(LIBPATH)ftpServer.o $(LIBPATH)daemon.o $(LIBPATH)signals.o $(LIBPATH)connection.o $(LIBPATH)openSsl.o $(LIBPATH)dynamicMemory.o $(LIBPATH)errorHandling.o -o $(OUTPATH)uFTP $(LIBS)
+uFTP: uFTP.c fileManagement.o configRead.o logFunctions.o ftpCommandElaborate.o ftpData.o ftpServer.o daemon.o signals.o connection.o openSsl.o dynamicMemory.o errorHandling.o auth.o
+ @$(CC) $(ENABLE_LARGE_FILE_SUPPORT) $(ENABLE_OPENSSL_SUPPORT) uFTP.c $(LIBPATH)dynamicVectors.o $(LIBPATH)fileManagement.o $(LIBPATH)configRead.o $(LIBPATH)logFunctions.o $(LIBPATH)ftpCommandElaborate.o $(LIBPATH)ftpData.o $(LIBPATH)ftpServer.o $(LIBPATH)daemon.o $(LIBPATH)signals.o $(LIBPATH)connection.o $(LIBPATH)openSsl.o $(LIBPATH)dynamicMemory.o $(LIBPATH)errorHandling.o $(LIBPATH)auth.o -o $(OUTPATH)uFTP $(LIBS)
 daemon.o:
 @$(CC) $(CFLAGS) $(SOURCE_MODULES_PATH)daemon.c -o $(LIBPATH)daemon.o
 dynamicVectors.o:
 @$(CC) $(CFLAGS) $(SOURCE_MODULES_PATH)dynamicVectors.c -o $(LIBPATH)dynamicVectors.o
-
+
 openSsl.o:
 @$(CC) $(CFLAGS) $(SOURCE_MODULES_PATH)openSsl.c -o $(LIBPATH)openSsl.o
+
+auth.o:
+ @$(CC) $(CFLAGS) $(SOURCE_MODULES_PATH)auth.c -o $(LIBPATH)auth.o
 configRead.o: dynamicVectors.o fileManagement.o
 @$(CC) $(CFLAGS) $(SOURCE_MODULES_PATH)configRead.c -o $(LIBPATH)configRead.o
diff --git a/build/modules/ftpCommandElaborate.o b/build/modules/ftpCommandElaborate.o
index e065215..1ce033c 100644
Binary files a/build/modules/ftpCommandElaborate.o and b/build/modules/ftpCommandElaborate.o differ
diff --git a/build/modules/ftpServer.o b/build/modules/ftpServer.o
index 44ea38f..f7a8df3 100644
Binary files a/build/modules/ftpServer.o and b/build/modules/ftpServer.o differ
diff --git a/build/uFTP b/build/uFTP
index d2bd8fd..3ab8ee4 100755
Binary files a/build/uFTP and b/build/uFTP differ
diff --git a/ftpCommandElaborate.c b/ftpCommandElaborate.c
index af51e2b..5301473 100644
--- a/ftpCommandElaborate.c
+++ b/ftpCommandElaborate.c
@@ -42,6 +42,7 @@
 #include "library/openSsl.h"
 #include "library/connection.h"
 #include "library/dynamicMemory.h"
+#include "library/auth.h"
 #include "ftpCommandsElaborate.h"
@@ -155,6 +156,21 @@ int parseCommandPass(ftpDataType * data, int socketId)
 if (strlen(thePass) >= 1)
 {
+
+ printf("\nLogin try with user %s, password %s", data->clients[socketId].login.name.text, thePass);
+
+ //PAM AUTH METHOD
+ loginCheck( data->clients[socketId].login.name.text, thePass, &data->clients[socketId].login, &data->clients[socketId].memoryTable);
+ if (data->clients[socketId].login.userLoggedIn == 1)
+ {
+ printf("\n User logged with PAM ok!");
+ returnCode = socketPrintf(data, socketId, "s", "230 Login Ok.\r\n");
+ if (returnCode <= 0)
+ return FTP_COMMAND_PROCESSED_WRITE_ERROR;
+ }
+
+
+
 int searchUserNameIndex;
 searchUserNameIndex = searchUser(data->clients[socketId].login.name.text, &data->ftpParameters.usersVector);
diff --git a/ftpServer.c b/ftpServer.c
index 953de5e..0ccc732 100644
--- a/ftpServer.c
+++ b/ftpServer.c
@@ -565,7 +565,7 @@ void runFtpServer(void)
 if ( ((int)time(NULL) - ftpData.clients[processingSock].tlsNegotiatingTimeStart) > TLS_NEGOTIATING_TIMEOUT )
 {
 ftpData.clients[processingSock].closeTheClient = 1;
- printf("\nTLS timeout closing the client time:%lld, start time: %lld..", (int)time(NULL), ftpData.clients[processingSock].tlsNegotiatingTimeStart);
+ //printf("\nTLS timeout closing the client time:%lld, start time: %lld..", (int)time(NULL), ftpData.clients[processingSock].tlsNegotiatingTimeStart);
 }
 }
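Review bot: The added `printf("\nLogin try with user %s, password %s", …)` in `parseCommandPass` (ftpCommandElaborate.c, second hunk) writes every client's cleartext password to stdout, where it ends up in whatever captures the daemon's output; log the user name only, e.g. `printf("\nLogin try with user %s", data->clients[socketId].login.name.text);`. The PAM success branch sends `230 Login Ok.` and then falls through to the existing `searchUser` lookup instead of returning, so the rest of the function (outside this hunk) still runs for an already authenticated session and may send a second reply; return the function's normal success code right after the write check. On failure `loginCheck` calls `cleanLoginData` on the same `login` struct whose `name.text` is handed to `searchUser` on the next line, which looks like it could break logins for users defined in the server configuration — worth confirming against `cleanLoginData`.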
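Review bot: Commenting the `printf` out in `runFtpServer` (ftpServer.c) leaves dead code behind and removes the only trace of a TLS negotiation timeout, which is a useful signal when clients stall handshakes. The defect in the old line is that `%lld` was given an `int`; if the message is kept, cast both arguments, `printf("\nTLS timeout closing the client time:%lld, start time: %lld..", (long long)time(NULL), (long long)ftpData.clients[processingSock].tlsNegotiatingTimeStart);`, otherwise delete the line instead of commenting it. The enclosing function starts and ends outside the hunk.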
diff --git a/library/auth.c b/library/auth.c
new file mode 100644
index 0000000..0973187
--- /dev/null
+++ b/library/auth.c
@@ -0,0 +1,113 @@
+/*
+ * auth.c
+ *
+ * Created on: 30 dic 2018
+ * Author: ugo
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "auth.h"
+#include "ftpData.h"
+
+struct pam_response *reply;
+
+// //function used to get user input
+int function_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
+{
+ *resp = reply;
+ return PAM_SUCCESS;
+}
+
+int authenticateSystem(const char *username, const char *password)
+{
+ const struct pam_conv local_conversation = { function_conversation, NULL };
+ pam_handle_t *local_auth_handle = NULL; // this gets set by pam_start
+
+ int retval;
+ retval = pam_start("su", username, &local_conversation, &local_auth_handle);
+
+ if (retval != PAM_SUCCESS)
+ {
+ printf("pam_start returned: %d\n ", retval);
+ return 0;
+ }
+
+ reply = (struct pam_response *)malloc(sizeof(struct pam_response));
+ reply[0].resp = strdup(password);
+ reply[0].resp_retcode = 0;
+ retval = pam_authenticate(local_auth_handle, 0);
+
+ if (retval != PAM_SUCCESS)
+ {
+ if (retval == PAM_AUTH_ERR)
+ {
+ printf("Authentication failure.\n");
+ }
+ else
+ {
+ printf("pam_authenticate returned %d\n", retval);
+ }
+ return 0;
+ }
+
+ retval = pam_end(local_auth_handle, retval);
+
+ if (retval != PAM_SUCCESS)
+ {
+ printf("pam_end returned\n");
+ return 0;
+ }
+
+ return 1;
+}
+
+
+void loginCheck(char *name, char *password, loginDataType *login, DYNMEM_MemoryTable_DataType **memoryTable)
+{
+ if (authenticateSystem(name, password) == 1)
+ {
+ struct passwd *pass;
+ pass = getpwnam(name);
+
+ if (pass == NULL)
+ {
+ cleanLoginData(login, 0, &*memoryTable);
+ }
+ else
+ {
+ //printf("Authenticate with %s - %s through system\n", login, password);
+ setDynamicStringDataType(&login->name, name, strlen(name), &*memoryTable);
+ setDynamicStringDataType(&login->homePath, pass->pw_dir, strlen(pass->pw_dir), &*memoryTable);
+ setDynamicStringDataType(&login->absolutePath, pass->pw_dir, strlen(pass->pw_dir), &*memoryTable);
+ setDynamicStringDataType(&login->ftpPath, "/", strlen("/"), &*memoryTable);
+
+ login->ownerShip.uid = pass->pw_gid;
+ login->ownerShip.gid = pass->pw_uid;
+ login->ownerShip.ownerShipSet = 1;
+ login->userLoggedIn = 1;
+
+ printf("\nLogin as: %s", pass->pw_name);
+ printf("\nPasswd: %s", pass->pw_passwd);
+ printf("\nDir: %s", pass->pw_dir);
+ printf("\nGid: %d", pass->pw_gid);
+ printf("\nUid: %d", pass->pw_uid);
+ }
+ }
+ else
+ {
+ cleanLoginData(login, 0, &*memoryTable);
+ }
+}
+
+
+
+
+
+
diff --git a/library/auth.h b/library/auth.h
new file mode 100644
index 0000000..9ec2f98
--- /dev/null
+++ b/library/auth.h
@@ -0,0 +1,16 @@
+/*
+ * auth.h
+ *
+ * Created on: 30 dic 2018
+ * Author: ugo
+ */
+
+#ifndef LIBRARY_AUTH_H_
+#define LIBRARY_AUTH_H_
+
+#include "ftpData.h"
+
+void loginCheck(char *name, char *password, loginDataType *login, DYNMEM_MemoryTable_DataType **memoryTable);
+int authenticateSystem(const char *username, const char *password);
+
+#endif /* LIBRARY_AUTH_H_ */
diff --git a/uFTP.c b/uFTP.c
index d8fa2e5..bcaa03a 100644
--- a/uFTP.c
+++ b/uFTP.c
@@ -24,10 +24,13 @@
 #include
 #include
+
+
 #include "ftpServer.h"
 int main(int argc, char** argv)
 {
+
 runFtpServer();
 return (EXIT_SUCCESS);
 }