author | Daniel Stefan Haischt <dsh@pfsense.org> | 2006-08-18 21:08:23 +0000 |
---|---|---|
committer | Daniel Stefan Haischt <dsh@pfsense.org> | 2006-08-18 21:08:23 +0000 |
commit | 12ffd24ce62867d20de763b55d47cbc86609aac5 (patch) | |
tree | 31e77d7ba4129663c53e03fc9592b6e7b152da5f | |
parent | a75ab3e4593d0127dd103d5d22dfaa13292ce42c (diff) | |
download | pfsense-packages-12ffd24ce62867d20de763b55d47cbc86609aac5.tar.gz pfsense-packages-12ffd24ce62867d20de763b55d47cbc86609aac5.tar.bz2 pfsense-packages-12ffd24ce62867d20de763b55d47cbc86609aac5.zip |
fixed FTP service
-rw-r--r-- | packages/freenas/pkg/freenas_services.inc | 104 | ||||
-rw-r--r-- | packages/freenas/www/services_ftp.php | 41 |
2 files changed, 135 insertions, 10 deletions
diff --git a/packages/freenas/pkg/freenas_services.inc b/packages/freenas/pkg/freenas_services.inc index c49d7823..add418ed 100644 --- a/packages/freenas/pkg/freenas_services.inc +++ b/packages/freenas/pkg/freenas_services.inc @@ -31,6 +31,9 @@ POSSIBILITY OF SUCH DAMAGE. */ +define (FTP_BACKEND_PAM, "pam"); +define (FTP_BACKEND_PLAINTEXT, "plaintext"); + $freenas_config =& $config['installedpackages']['freenas']['config'][0]; function services_samba_configure() { @@ -449,7 +452,7 @@ function services_ftpd_configure() { } function services_wzdftpd_configure() { - global $freenas_config, $g; + global $freenas_config, $config, $g; /* kill any WZDFTPD */ killbyname("wzdftpd"); @@ -466,6 +469,7 @@ function services_wzdftpd_configure() { mkdir("/usr/local/etc/wzdftpd"); /* generate wzd.cfg */ + chmod("/usr/local/etc/wzdftpd/wzd.cfg", 0600); $fd = fopen("/usr/local/etc/wzdftpd/wzd.cfg", "w"); if (!$fd) { printf("Error: cannot open vsftpd.conf in services_vsftpd_configure().\n"); @@ -487,7 +491,7 @@ pasv_high_range = {$freenas_config['ftp']['pasv_max_port']} EOD; } - + $ftpconf .= <<<EOD pasv_ip = {$freenas_config['ftp']['pasv_address']} @@ -497,7 +501,7 @@ xferlog = /var/log/wzdftpd/xferlog logdir = /var/log/wzdftpd max_threads = 32 -backend = /usr/local/share/wzdftpd/backends/libwzdpam.so +backend = /usr/local/share/wzdftpd/backends/libwzd{$freenas_config['ftp']['authentication_backend']}.so max_ul_speed = 0 max_dl_speed = 0 @@ -544,7 +548,16 @@ site_grpratio = +O site_grpren = +O site_gsinfo = +O +G site_help = * -site_idle = * + +EOD; + +if (! empty($freenas_config['ftp']['timeout'])) { +$ftpconf .= "site_idle ={$freenas_config['ftp']['timeout']}\n"; +} else { +$ftpconf .= "site_idle = *\n"; +} + + $ftpconf .= <<<EOD site_invite = !=guest * site_kick = +O site_kill = +O 
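Review bot: In the first hunk (@@ -31,6 +31,9) both constants are declared with bare names, `define (FTP_BACKEND_PAM, "pam");`, which only works while PHP treats an undefined constant as a string and raises a notice; quote the name instead, `define('FTP_BACKEND_PAM', 'pam');`. Neither constant is referenced in any hunk of this commit: the later check in services_wzdftpd_configure() compares against the literal `"plaintext"`. Either use `FTP_BACKEND_PLAINTEXT` in that comparison or drop the defines.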
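Review bot: The `chmod("/usr/local/etc/wzdftpd/wzd.cfg", 0600);` added before the `fopen(..., "w")` (@@ -466,6 +469,7) has no effect on a first run, because the file does not exist yet; it raises a warning and fopen() then creates wzd.cfg with whatever the process umask allows. The file keeps those permissions until the `chmod(..., 0400)` after fclose() in the @@ -637 hunk, and it now carries the zeroconf password. Restricting the mask around creation closes that window: `$old = umask(0077);` before the fopen() and `umask($old);` after it. The same chmod/write/chmod sequence is used for `/usr/local/etc/wzdftpd/users` in the @@ -637 hunk, where the content includes every user's `pass=` value. The function body starts and ends outside this hunk.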
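Review bot: The new `backend =` line (@@ -497,7 +501,7) builds a shared-object path from `$freenas_config['ftp']['authentication_backend']`, and the only writer visible in this commit is `$freenas_config['ftp']['authentication_backend'] = $_POST['authbackend'];` in services_ftp.php (@@ -148,6 +149,7), with no check in between. A submitted value containing `/`, `..` or a line break would decide which library wzdftpd loads, or add directives to wzd.cfg. Validate the field against the backend names actually present before saving, e.g. `if (!in_array($_POST['authbackend'], $a_backends)) $input_errors[] = gettext("Invalid authentication backend.");`, which requires building `$a_backends` before the POST handling rather than in the page body. Configs saved before this commit have no such key and would now render `libwzd.so`, so default to `pam` when it is empty.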
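Review bot: `site_idle` sits in a run of per-command permission entries (`site_help = *`, `site_kick = +O`), so writing the idle timeout there, `"site_idle ={$freenas_config['ftp']['timeout']}\n"` (@@ -544,7 +548,16), probably does not set a timeout and may instead replace the permission for that command with a value wzdftpd cannot parse; please confirm against the wzdftpd configuration reference. The value is also interpolated as stored, and whether `timeout` is checked to be numeric is not visible in this commit. Casting at the point of use, `(int)$freenas_config['ftp']['timeout']`, would keep a stray line break in the stored value from adding lines to wzd.cfg.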
@@ -594,14 +607,16 @@ EOD; [ZEROCONF] zeroconf_port = {$freenas_config['ftp']['port']} -zeroconf_username = root +zeroconf_username = wzdftpd +zeroconf_password = wzdftpd zeroconf_path = / EOD; } - + $ftpconf .= <<<EOD + [sfv] progressmeter = [WzD] - %3d%% Complete - [WzD] del_progressmeter = \[.*] - ...% Complete - \[WzD] 
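Review bot: `zeroconf_username = wzdftpd` together with `zeroconf_password = wzdftpd` puts a fixed credential, identical on every install and equal to the user name, into the generated config. What this login authorizes is not visible from the hunk, but a shared default of this kind is normally the first thing guessed. Prefer a per-install random value stored in the package config (a new key, generated once) or an explicit GUI field. If the module ignores the password, say so in a comment next to the `[ZEROCONF]` block instead of shipping a placeholder that looks live.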
@@ -637,9 +652,84 @@ EOD; if (isset($freenas_config['ftp']['banner'])) { $ftpconf .= "200 = {$freenas_config['ftp']['banner']}"; } - + fwrite($fd, $ftpconf); fclose($fd); + chmod("/usr/local/etc/wzdftpd/wzd.cfg", 0400); + + /* now generate the plaintext userfail (if applicable) */ + if ($freenas_config['ftp']['authentication_backend'] == "plaintext") { + $ftpusers = "[GROUPS]\n"; + $a_group =& $config['system']['group']; + $a_user =& $config['system']['user']; + + for ($i = 0; $i < count($a_group); $i++) { + $group = $a_group[$i]; + $gid = $i + 1; + + $ftpusers .= <<<EOD + +privgroup {$group['name']} +gid={$gid} +default_home=/ + +EOD; + } // end foreach + + /* anonymous group */ + if (! empty($freenas_config['ftp']['anonymous'])) { + $ftpusers .= <<<EOD + +privgroup anonymous +max_idle_time=10 +gid=3 +default_home=/home + +EOD; + } + + /* same for users */ + $ftpusers .= "[USERS]\n"; + for ($i = 0; $i < count($a_user); $i++) { + $user = $a_user[$i]; + $ftpusers .= <<<EOD + +name={$user['name']} +pass={$user['password']} +home=/ +uid={$i} +groups={$user['groupname']} +rights=0xffffffff + +EOD; + } // end foreach + + /* anonymous user */ + if (! empty($freenas_config['ftp']['anonymous'])) { + $ftpusers .= <<<EOD + +name=guest +pass=% +home=/tmp +uid=200 +groups=anonymous +rights=0x10003 +ip_allowed=* +max_dl_speed=20480 +credits=0 +bytes_ul_total=0 +bytes_dl_total=1918812 +num_logins=2 + +EOD; + } + + $ftpusers .= "[HOSTS]\nall = *\n"; + chmod("/usr/local/etc/wzdftpd/users", 0600); + file_put_contents("/usr/local/etc/wzdftpd/users", $ftpusers); + chmod("/usr/local/etc/wzdftpd/users", 0400); + + } // end if /* run vsftpd */ mwexec("/usr/local/sbin/wzdftpd -f /usr/local/etc/wzdftpd/wzd.cfg"); diff --git a/packages/freenas/www/services_ftp.php b/packages/freenas/www/services_ftp.php index 1d0ad6d4..a9b972f9 100644 --- a/packages/freenas/www/services_ftp.php +++ b/packages/freenas/www/services_ftp.php 
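Review bot: In the `[USERS]` loop every entry of `$config['system']['user']` is written with `home=/`, `rights=0xffffffff` and `uid={$i}`, so the first account gets uid 0 and every web-GUI user receives the full rights mask over the whole filesystem as soon as the plaintext backend is selected. The group loop has the same numbering problem: `$gid = $i + 1;` reaches 3 with the third group and collides with the fixed `gid=3` of the anonymous group. Offset the generated ids so none is 0 or overlaps the fixed `gid=3` / `uid=200`, and take home and rights from per-user settings, defaulting to a restricted mask such as the guest entry's `rights=0x10003`. `pass={$user['password']}` copies whatever the config stores; confirm that this is the format wzdftpd's plaintext backend expects. Also confirm that names containing a line break cannot reach this file, since `name`, `password` and `groupname` are interpolated unmodified.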
@@ -48,6 +48,7 @@ if (!is_array($freenas_config['ftp'])) $pconfig['enable'] = isset($freenas_config['ftp']['enable']); $pconfig['port'] = $freenas_config['ftp']['port']; +$pconfig['authbackend'] = $freenas_config['ftp']['authentication_backend']; $pconfig['numberclients'] = $freenas_config['ftp']['numberclients']; $pconfig['maxconperip'] = $freenas_config['ftp']['maxconperip']; $pconfig['timeout'] = $freenas_config['ftp']['timeout']; @@ -74,7 +75,7 @@ if (! empty($_POST)) $reqdfields = array_merge($reqdfields, explode(" ", "numberclients maxconperip timeout port")); $reqdfieldsn = array_merge($reqdfieldsn, explode(",", "Numberclients,Maxconperip,Timeout,Port")); } - + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); if ($_POST['enable'] && !is_port($_POST['port'])) @@ -148,6 +149,7 @@ if (! empty($_POST)) $freenas_config['ftp']['maxconperip'] = $_POST['maxconperip']; $freenas_config['ftp']['timeout'] = $_POST['timeout']; $freenas_config['ftp']['port'] = $_POST['port']; + $freenas_config['ftp']['authentication_backend'] = $_POST['authbackend']; $freenas_config['ftp']['anonymous'] = $_POST['anonymous'] ? true : false; $freenas_config['ftp']['localuser'] = $_POST['localuser'] ? true : false; $freenas_config['ftp']['pasv_max_port'] = $_POST['pasv_max_port']; @@ -185,7 +187,7 @@ function enable_change(enable_change) { endis = !(document.iform.enable.checked || enable_change); endis ? color = '#D4D0C8' : color = '#FFFFFF'; - + document.iform.port.disabled = endis; document.iform.timeout.disabled = endis; document.iform.numberclients.disabled = endis; 
@@ -244,10 +246,43 @@ echo $pfSenseHead->getHTML(); <input name="port" type="text" class="formfld unknown" id="port" size="20" value="<?=htmlspecialchars($pconfig['port']);?>" /> </td> </tr> + <?php + if (file_exists("/usr/local/sbin/wzdftpd")) { + $a_backends = array(); + + $dh = opendir("/usr/local/share/wzdftpd/backends"); + while (false !== ($filename = readdir($dh))) { + if (preg_match("/\.so$/", $filename)) { + $lastslash = strrpos($filename, "/"); + $dot = strrpos($filename, "."); + + $backend_name = str_replace("libwzd", + "", + substr($filename, + $lastslash, + $dot - $lastslash)); + $a_backends[] = $backend_name; + } + } + } + ?> + <?php if (is_array($a_backends)) : ?> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication Backend");?></td> + <td width="78%" class="vtable" align="left" valign="middle"> + <select name="authbackend" id="authbackend" class="formselect"> + <?php foreach ($a_backends as $backend) : ?> + <option value="<?= $backend ?>"><?= $backend ?></option> + <?php endforeach; ?> + </select><br /> + <?= gettext("Choose a particular backend, that will be used to authenticate FTP users."); ?> + </td> + </tr> + <?php endif; ?> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Number of clients");?></td> <td width="78%" class="vtable" align="left" valign="middle"> - <input name="numberclients" type="text" class="formfld unknown" id="numberclients" size="20" value="<?=htmlspecialchars($pconfig['numberclients']);?>" /> + <input name="numberclients" type="text" class="formfld unknown" id="numberclients" size="20" value="<?=htmlspecialchars($pconfig['numberclients']);?>" /> <br /> <?= gettext("Maximum number of simultaneous clients."); ?> </td> |
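Review bot: The new `<select name="authbackend">` never marks the stored value as selected, so `$pconfig['authbackend']` (added in the @@ -48 hunk) is unused and every save of this page silently switches authentication to whichever backend readdir() returns first. The option values are also echoed without the `htmlspecialchars()` that the neighbouring inputs use. Both are fixed on the option line: `<option value="<?=htmlspecialchars($backend);?>" <?php if ($backend == $pconfig['authbackend']) echo "selected=\"selected\""; ?>><?=htmlspecialchars($backend);?></option>`. Separately, the `opendir()` result is used without a check and never closed, and `$a_backends` is undefined when `/usr/local/sbin/wzdftpd` is absent; initialise it before the `file_exists()` test and guard the loop with `if ($dh)`.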