pam samples files to put into /etc/pam.d

ssh_silent_disconnect() and server forking. I still have to add a -D command line to avoid the forking.
password auth works, but there is no uid change yet. I'll have to make the configuration stuff really being respected by the server. (like keys, ports, users, ...)


git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@23 7dcaeef0-15fb-0310-b436-a5af3365683c

include/libssh/libssh.h

@@ -110,6 +110,7 @@ void ssh_set_verbosity(int num);
 SSH_SESSION *ssh_new();
 void ssh_set_options(SSH_SESSION *session, SSH_OPTIONS *options);
 int ssh_get_fd(SSH_SESSION *session);
+void ssh_silent_disconnect(SSH_SESSION *session);
 
 /* client.c */
 int ssh_connect(SSH_SESSION *session);

include/libssh/server.h

@@ -42,7 +42,7 @@ void ssh_bind_set_blocking(SSH_BIND *ssh_bind,int blocking);
 int ssh_bind_get_fd(SSH_BIND *ssh_bind);
 int ssh_bind_set_toaccept(SSH_BIND *ssh_bind);
 SSH_SESSION *ssh_bind_accept(SSH_BIND *ssh_bind);
-
+void ssh_bind_free(SSH_BIND *ssh_bind);
 int ssh_accept(SSH_SESSION *session);
 
 /* messages.c */

libssh/server.c

@@ -151,6 +151,14 @@ SSH_SESSION *ssh_bind_accept(SSH_BIND *ssh_bind){
     session->rsa_key=rsa;
     return session;
 }
+
+void ssh_bind_free(SSH_BIND *ssh_bind){
+    if(ssh_bind->bindfd>=0)
+        close(ssh_bind->bindfd);
+    ssh_bind->bindfd=-1;
+    free(ssh_bind);
+}
+
 extern char *supported_methods[];
 
 int server_set_kex(SSH_SESSION * session) {

libssh/session.c

@@ -81,6 +81,12 @@ void ssh_cleanup(SSH_SESSION *session){
     free(session);
 }
 
+void ssh_silent_disconnect(SSH_SESSION *session){
+    close(session->fd);
+    session->alive=0;
+    ssh_disconnect(session);
+}
+
 void ssh_set_options(SSH_SESSION *session, SSH_OPTIONS *options){
     session->options=options;
 }

sftp_server/main.c

@@ -33,6 +33,7 @@ MA 02111-1307, USA. */
 #include <errno.h>
 #include <fcntl.h>
 #include <stdio.h>
+#include <signal.h>
 #include <security/pam_appl.h>
 
 #include "server.h"
@@ -546,11 +547,20 @@ int main(int argc, char **argv){
         printf("Error listening to socket: %s\n",ssh_get_error(ssh_bind));
         return 1;
     }
+    signal(SIGCHLD,SIG_IGN);
+    while(1){
         session=ssh_bind_accept(ssh_bind);
         if(!session){
             printf("error accepting a connection : %s\n",ssh_get_error(ssh_bind));
             return 1;
         }
+        if(fork()==0){
+            break;
+        }
+        ssh_silent_disconnect(session);
+    }
+    ssh_bind_free(ssh_bind);
+    
     printf("Socket connected : %d\n",ssh_get_fd(session));
     if(ssh_accept(session)){
         printf("ssh_accept : %s\n",ssh_get_error(session));

sftp_server/pam/sftp.pam.freebsd

@@ -0,0 +1,5 @@
+sftp    auth      required  pam_unix.so    try_first_pass
+sftp    account   required  pam_unix.so
+sftp    password  required  pam_permit.so
+sftp    session   required  pam_permit.so
+

sftp_server/pam/sftp.pam.generic

@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth       required     /lib/security/pam_unix.so shadow nodelay
+auth       required     /lib/security/pam_nologin.so
+account    required     /lib/security/pam_unix.so
+password   required     /lib/security/pam_cracklib.so
+password   required     /lib/security/pam_unix.so shadow nullok use_authtok
+session    required     /lib/security/pam_unix.so
+session    required     /lib/security/pam_limits.so

sftp_server/pam/sftp.pam.gentoo

@@ -0,0 +1,6 @@
+#%PAM-1.0
+
+auth       include      system-auth
+account    include      system-auth
+password   include      system-auth
+