authorDaniel Stefan Haischt <dsh@pfsense.org>2006-08-18 21:08:23 +0000
committerDaniel Stefan Haischt <dsh@pfsense.org>2006-08-18 21:08:23 +0000
commit12ffd24ce62867d20de763b55d47cbc86609aac5 (patch)
tree31e77d7ba4129663c53e03fc9592b6e7b152da5f
parenta75ab3e4593d0127dd103d5d22dfaa13292ce42c (diff)
fixed FTP service
-rw-r--r--packages/freenas/pkg/freenas_services.inc104
-rw-r--r--packages/freenas/www/services_ftp.php41
2 files changed, 135 insertions, 10 deletions
diff --git a/packages/freenas/pkg/freenas_services.inc b/packages/freenas/pkg/freenas_services.inc
index c49d7823..add418ed 100644
--- a/packages/freenas/pkg/freenas_services.inc
+++ b/packages/freenas/pkg/freenas_services.inc
@@ -31,6 +31,9 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+define (FTP_BACKEND_PAM, "pam");
+define (FTP_BACKEND_PLAINTEXT, "plaintext");
+
$freenas_config =& $config['installedpackages']['freenas']['config'][0];
function services_samba_configure() {
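Review bot: Both new `define` calls pass the constant name as a bare word rather than a string, so they rely on PHP's undefined-constant fallback, which raises a notice on older versions and is a fatal error on PHP 8. Quote the names: `define("FTP_BACKEND_PAM", "pam");` and `define("FTP_BACKEND_PLAINTEXT", "plaintext");`. The constants are also unused in the visible changes: the later check in services_wzdftpd_configure() compares against the literal `"plaintext"`, so either use `FTP_BACKEND_PLAINTEXT` there or drop the defines.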
@@ -449,7 +452,7 @@ function services_ftpd_configure() {
}
function services_wzdftpd_configure() {
- global $freenas_config, $g;
+ global $freenas_config, $config, $g;
/* kill any WZDFTPD */
killbyname("wzdftpd");
@@ -466,6 +469,7 @@ function services_wzdftpd_configure() {
mkdir("/usr/local/etc/wzdftpd");
/* generate wzd.cfg */
+ chmod("/usr/local/etc/wzdftpd/wzd.cfg", 0600);
$fd = fopen("/usr/local/etc/wzdftpd/wzd.cfg", "w");
if (!$fd) {
printf("Error: cannot open vsftpd.conf in services_vsftpd_configure().\n");
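Review bot: The added `chmod(".../wzd.cfg", 0600)` runs before `fopen(..., "w")`, so on a first run the file does not exist yet, the chmod fails, and fopen then creates the file with whatever mode the process umask allows. The configuration stays at that mode until the `chmod(..., 0400)` after `fclose()` in the later hunk, leaving a window in which it may be readable by other local users. Restricting the creation mode closes the window: `$oldmask = umask(0077);` before the fopen and `umask($oldmask);` after the fclose. The same chmod-before-create pattern is used for `/usr/local/etc/wzdftpd/users` in the last hunk of this file, where the content includes account passwords. The body of services_wzdftpd_configure() starts and ends outside this hunk.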
@@ -487,7 +491,7 @@ pasv_high_range = {$freenas_config['ftp']['pasv_max_port']}
EOD;
}
-
+
$ftpconf .= <<<EOD
pasv_ip = {$freenas_config['ftp']['pasv_address']}
@@ -497,7 +501,7 @@ xferlog = /var/log/wzdftpd/xferlog
logdir = /var/log/wzdftpd
max_threads = 32
-backend = /usr/local/share/wzdftpd/backends/libwzdpam.so
+backend = /usr/local/share/wzdftpd/backends/libwzd{$freenas_config['ftp']['authentication_backend']}.so
max_ul_speed = 0
max_dl_speed = 0
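Review bot: The `backend =` line now builds the path of a shared library from `$freenas_config['ftp']['authentication_backend']`, and the services_ftp.php hunk that saves the form copies `$_POST['authbackend']` into that key with no validation visible in this diff. A value containing `/`, `..` or a newline would change which library path is written or add extra lines to wzd.cfg, so the value should be checked before it is stored, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $_POST['authbackend'])) $input_errors[] = "Invalid authentication backend.";`, and ideally compared against the backend files actually present in the backends directory. Configurations saved before this commit have no such key, which would yield `libwzd.so`; falling back to `pam` when the key is empty keeps the previous behaviour.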
@@ -544,7 +548,16 @@ site_grpratio = +O
site_grpren = +O
site_gsinfo = +O +G
site_help = *
-site_idle = *
+
+EOD;
+
+if (! empty($freenas_config['ftp']['timeout'])) {
+$ftpconf .= "site_idle ={$freenas_config['ftp']['timeout']}\n";
+} else {
+$ftpconf .= "site_idle = *\n";
+}
+
+ $ftpconf .= <<<EOD
site_invite = !=guest *
site_kick = +O
site_kill = +O
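Review bot: The new `site_idle ={$freenas_config['ftp']['timeout']}` line writes the stored timeout into wzd.cfg without constraining it to a number, and the only check on `timeout` visible in this diff is the required-field list in services_ftp.php. Casting at the point of use, `$ftpconf .= "site_idle = " . intval($freenas_config['ftp']['timeout']) . "\n";`, keeps a stray newline or other text out of the generated file. The neighbouring entries (`site_help = *`, `site_kick = +O`) look like permission expressions for SITE commands, so it is worth confirming that a numeric value is valid for `site_idle` and that the idle timeout is not meant to be set by a different directive.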
@@ -594,14 +607,16 @@ EOD;
[ZEROCONF]
zeroconf_port = {$freenas_config['ftp']['port']}
-zeroconf_username = root
+zeroconf_username = wzdftpd
+zeroconf_password = wzdftpd
zeroconf_path = /
EOD;
}
-
+
$ftpconf .= <<<EOD
+
[sfv]
progressmeter = [WzD] - %3d%% Complete - [WzD]
del_progressmeter = \[.*] - ...% Complete - \[WzD]
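Review bot: The `[ZEROCONF]` section now writes a fixed credential pair, `zeroconf_username = wzdftpd` and `zeroconf_password = wzdftpd`, so every installation would share the same well-known password, identical to the username. If this account is used to authenticate against the FTP service, the password should be generated per install or taken from the package configuration rather than hard-coded. A short comment stating what the zeroconf account is used for and what rights it has would help whoever audits this file later.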
@@ -637,9 +652,84 @@ EOD;
if (isset($freenas_config['ftp']['banner'])) {
$ftpconf .= "200 = {$freenas_config['ftp']['banner']}";
}
-
+
fwrite($fd, $ftpconf);
fclose($fd);
+ chmod("/usr/local/etc/wzdftpd/wzd.cfg", 0400);
+
+ /* now generate the plaintext userfail (if applicable) */
+ if ($freenas_config['ftp']['authentication_backend'] == "plaintext") {
+ $ftpusers = "[GROUPS]\n";
+ $a_group =& $config['system']['group'];
+ $a_user =& $config['system']['user'];
+
+ for ($i = 0; $i < count($a_group); $i++) {
+ $group = $a_group[$i];
+ $gid = $i + 1;
+
+ $ftpusers .= <<<EOD
+
+privgroup {$group['name']}
+gid={$gid}
+default_home=/
+
+EOD;
+ } // end foreach
+
+ /* anonymous group */
+ if (! empty($freenas_config['ftp']['anonymous'])) {
+ $ftpusers .= <<<EOD
+
+privgroup anonymous
+max_idle_time=10
+gid=3
+default_home=/home
+
+EOD;
+ }
+
+ /* same for users */
+ $ftpusers .= "[USERS]\n";
+ for ($i = 0; $i < count($a_user); $i++) {
+ $user = $a_user[$i];
+ $ftpusers .= <<<EOD
+
+name={$user['name']}
+pass={$user['password']}
+home=/
+uid={$i}
+groups={$user['groupname']}
+rights=0xffffffff
+
+EOD;
+ } // end foreach
+
+ /* anonymous user */
+ if (! empty($freenas_config['ftp']['anonymous'])) {
+ $ftpusers .= <<<EOD
+
+name=guest
+pass=%
+home=/tmp
+uid=200
+groups=anonymous
+rights=0x10003
+ip_allowed=*
+max_dl_speed=20480
+credits=0
+bytes_ul_total=0
+bytes_dl_total=1918812
+num_logins=2
+
+EOD;
+ }
+
+ $ftpusers .= "[HOSTS]\nall = *\n";
+ chmod("/usr/local/etc/wzdftpd/users", 0600);
+ file_put_contents("/usr/local/etc/wzdftpd/users", $ftpusers);
+ chmod("/usr/local/etc/wzdftpd/users", 0400);
+
+ } // end if
/* run vsftpd */
mwexec("/usr/local/sbin/wzdftpd -f /usr/local/etc/wzdftpd/wzd.cfg");
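Review bot: Every entry the new loop writes to the plaintext users file gets `home=/` and `rights=0xffffffff`, so each account in `$config['system']['user']` appears to receive the full rights mask over the whole filesystem once this backend is selected; a dedicated FTP root and a narrower mask (or per-user values from the configuration) would follow least privilege. The group ids are assigned as `$i + 1`, so the third configured group gets `gid=3`, the same id hard-coded for the `anonymous` group further down, and `uid={$i}` starts at 0. The `pass=` field is filled with whatever `$user['password']` holds; the format is not visible here, so confirm it is a hash the plaintext backend accepts and not a clear-text password. User and group names are interpolated as-is, so stripping line breaks from them before writing keeps one account from adding fields to another.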
diff --git a/packages/freenas/www/services_ftp.php b/packages/freenas/www/services_ftp.php
index 1d0ad6d4..a9b972f9 100644
--- a/packages/freenas/www/services_ftp.php
+++ b/packages/freenas/www/services_ftp.php
@@ -48,6 +48,7 @@ if (!is_array($freenas_config['ftp']))
$pconfig['enable'] = isset($freenas_config['ftp']['enable']);
$pconfig['port'] = $freenas_config['ftp']['port'];
+$pconfig['authbackend'] = $freenas_config['ftp']['authentication_backend'];
$pconfig['numberclients'] = $freenas_config['ftp']['numberclients'];
$pconfig['maxconperip'] = $freenas_config['ftp']['maxconperip'];
$pconfig['timeout'] = $freenas_config['ftp']['timeout'];
@@ -74,7 +75,7 @@ if (! empty($_POST))
$reqdfields = array_merge($reqdfields, explode(" ", "numberclients maxconperip timeout port"));
$reqdfieldsn = array_merge($reqdfieldsn, explode(",", "Numberclients,Maxconperip,Timeout,Port"));
}
-
+
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
if ($_POST['enable'] && !is_port($_POST['port']))
@@ -148,6 +149,7 @@ if (! empty($_POST))
$freenas_config['ftp']['maxconperip'] = $_POST['maxconperip'];
$freenas_config['ftp']['timeout'] = $_POST['timeout'];
$freenas_config['ftp']['port'] = $_POST['port'];
+ $freenas_config['ftp']['authentication_backend'] = $_POST['authbackend'];
$freenas_config['ftp']['anonymous'] = $_POST['anonymous'] ? true : false;
$freenas_config['ftp']['localuser'] = $_POST['localuser'] ? true : false;
$freenas_config['ftp']['pasv_max_port'] = $_POST['pasv_max_port'];
@@ -185,7 +187,7 @@ function enable_change(enable_change) {
endis = !(document.iform.enable.checked || enable_change);
endis ? color = '#D4D0C8' : color = '#FFFFFF';
-
+
document.iform.port.disabled = endis;
document.iform.timeout.disabled = endis;
document.iform.numberclients.disabled = endis;
@@ -244,10 +246,43 @@ echo $pfSenseHead->getHTML();
<input name="port" type="text" class="formfld unknown" id="port" size="20" value="<?=htmlspecialchars($pconfig['port']);?>" />
</td>
</tr>
+ <?php
+ if (file_exists("/usr/local/sbin/wzdftpd")) {
+ $a_backends = array();
+
+ $dh = opendir("/usr/local/share/wzdftpd/backends");
+ while (false !== ($filename = readdir($dh))) {
+ if (preg_match("/\.so$/", $filename)) {
+ $lastslash = strrpos($filename, "/");
+ $dot = strrpos($filename, ".");
+
+ $backend_name = str_replace("libwzd",
+ "",
+ substr($filename,
+ $lastslash,
+ $dot - $lastslash));
+ $a_backends[] = $backend_name;
+ }
+ }
+ }
+ ?>
+ <?php if (is_array($a_backends)) : ?>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication Backend");?></td>
+ <td width="78%" class="vtable" align="left" valign="middle">
+ <select name="authbackend" id="authbackend" class="formselect">
+ <?php foreach ($a_backends as $backend) : ?>
+ <option value="<?= $backend ?>"><?= $backend ?></option>
+ <?php endforeach; ?>
+ </select><br />
+ <?= gettext("Choose a particular backend, that will be used to authenticate FTP users."); ?>
+ </td>
+ </tr>
+ <?php endif; ?>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Number of clients");?></td>
<td width="78%" class="vtable" align="left" valign="middle">
- <input name="numberclients" type="text" class="formfld unknown" id="numberclients" size="20" value="<?=htmlspecialchars($pconfig['numberclients']);?>" />
+ <input name="numberclients" type="text" class="formfld unknown" id="numberclients" size="20" value="<?=htmlspecialchars($pconfig['numberclients']);?>" />
<br />
<?= gettext("Maximum number of simultaneous clients."); ?>
</td>