<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2654.45">
<TITLE>Compiling ftp proxy</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2 FACE="Arial">Hi, all</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">I am trying to compile ftp.proxy on my SPARC 10
station (Solaris 2.6, gcc 2.95.3). According to the instruction, I did
"make" and I got error message:</FONT></P>
<P><FONT SIZE=2 FACE="Arial">$ make</FONT>
<BR><FONT SIZE=2 FACE="Arial">cd src; make ftp.proxy </FONT>
<BR><FONT SIZE=2 FACE="Arial">gcc -O2 -Wall -ggdb -c main.c</FONT>
<BR><FONT SIZE=2 FACE="Arial">main.c: In function `main':</FONT>
<BR><FONT SIZE=2 FACE="Arial">main.c:88: `LOG_FTP' undeclared (first use in
this function)</FONT>
<BR><FONT SIZE=2 FACE="Arial">main.c:88: (Each undeclared identifier is
reported only once</FONT>
<BR><FONT SIZE=2 FACE="Arial">main.c:88: for each function it appears
in.)</FONT>
<BR><FONT SIZE=2 FACE="Arial">*** Error code 1</FONT>
<BR><FONT SIZE=2 FACE="Arial">make: Fatal error: Command failed for target
`main.o'</FONT>
<BR><FONT SIZE=2 FACE="Arial">Current working directory
/export/home/rc6/ftpproxy-1.1.5/src</FONT>
<BR><FONT SIZE=2 FACE="Arial">*** Error code 1</FONT>
<BR><FONT SIZE=2 FACE="Arial">make: Fatal error: Command failed for target
`ftp.proxy'</FONT>
</P>
<BR>
<P><FONT SIZE=2 FACE="Arial">Does anyone have any idea what's wrong here?
Thanks.</FONT>
</P>
<BR>
<P><FONT SIZE=2 FACE="Arial">Ryan Jiang</FONT>
<BR><FONT SIZE=2 FACE="Arial">Senior UNIX administrator</FONT>
<BR><FONT SIZE=2 FACE="Arial">Liz Claiborne, Inc.</FONT>
</P>
</BODY>
</HTML>
</x-html>
From [EMAIL PROTECTED] Thu Jul 18 10:05:39 2002
From: "Jonathan Zuilkowski" <[EMAIL PROTECTED]>
To: "general-l List Member" <[email protected]>
Subject: [general-l] Compiling ftp proxy {02}
Date: Wed, 17 Jul 2002 15:10:06 -0400
<x-flowed>
I believe the reason for this is that Solaris 2.6 does not have the LOG_FTP
facility in the syslog functions.
You might have to change all references to LOG_FTP to LOCAL_[1-9], and set
LOCAL_(whatever you chose) in the /etc/syslog.conf file.
Does anyone know if there's a directive for this?
>From: Ruiyuan Jiang <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: "general-l List Member" <[EMAIL PROTECTED]>
>Subject: [general-l] Compiling ftp proxy {01}
>Date: Wed, 17 Jul 2002 13:55:34 -0400
>
>Hi, all
>
>I am trying to compile ftp.proxy on my SPARC 10 station (Solaris 2.6, gcc
>2.95.3). According to the instruction, I did "make" and I got error
>message:
>
>$ make
>cd src; make ftp.proxy
>gcc -O2 -Wall -ggdb -c main.c
>main.c: In function `main':
>main.c:88: `LOG_FTP' undeclared (first use in this function)
>main.c:88: (Each undeclared identifier is reported only once
>main.c:88: for each function it appears in.)
>*** Error code 1
>make: Fatal error: Command failed for target `main.o'
>Current working directory /export/home/rc6/ftpproxy-1.1.5/src
>*** Error code 1
>make: Fatal error: Command failed for target `ftp.proxy'
>
>
>Does anyone have any idea what's wrong here? Thanks.
>
>
>Ryan Jiang
>Senior UNIX administrator
>Liz Claiborne, Inc.
</x-flowed>
From [EMAIL PROTECTED] Thu Jul 18 10:05:40 2002
From: "Jonathan Zuilkowski" <[EMAIL PROTECTED]>
To: "general-l List Member" <[email protected]>
Subject: [general-l] LDAP support {01}
Date: Wed, 17 Jul 2002 15:30:35 -0400
<x-flowed>
I'm trying to get this proxy running with LDAP.
I'm glad to see that most of the user variables are stored in LDAP.
What I would like to know is this:
If you set ValidCommands for a small number of users, will the rest of the
valid users get the default from the config file, or will I have to set them
all if I set any?
Also, why is the password pulled, optionally decrypted, then compared using
program logic rather than just binding with the userid and password in
question?
If you use the latter, it would negate the need for a bindid and
bindpassword because you would then just use the one you're checking...
I'm not at all a good C coder, but I'll take a crack at it...
-Jon
</x-flowed>
From [EMAIL PROTECTED] Thu Jul 18 10:05:40 2002
From: Ruiyuan Jiang <[EMAIL PROTECTED]>
To: "general-l List Member" <[email protected]>
Subject: [general-l] Compiling ftp proxy {03}
Date: Wed, 17 Jul 2002 16:05:34 -0400
<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2654.45">
<TITLE>RE: [general-l] Compiling ftp proxy {02}</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>Hi, Jonathan</FONT>
</P>
<P><FONT SIZE=2>Can you be more specific? I don't see LOG_FTP directive in
Makefile of ftp.proxy. How do I make change in /etc/syslog.conf file.
Thanks.</FONT></P>
<BR>
<BR>
<P><FONT SIZE=2>-----Original Message-----</FONT>
<BR><FONT SIZE=2>From: Jonathan Zuilkowski [<A HREF="mailto:[EMAIL
PROTECTED]">mailto:[EMAIL PROTECTED]</A>]</FONT>
<BR><FONT SIZE=2>Sent: Wednesday, July 17, 2002 3:10 PM</FONT>
<BR><FONT SIZE=2>To: general-l List Member</FONT>
<BR><FONT SIZE=2>Subject: [general-l] Compiling ftp proxy {02}</FONT>
</P>
<BR>
<P><FONT SIZE=2>I believe the reason for this is that Solaris 2.6 does not have
the LOG_FTP </FONT>
<BR><FONT SIZE=2>facility in the syslog functions.</FONT>
</P>
<P><FONT SIZE=2>You might have to change all references to LOG_FTP to
LOCAL_[1-9], and set </FONT>
<BR><FONT SIZE=2>LOCAL_(whatever you chose) in the /etc/syslog.conf file.</FONT>
</P>
<P><FONT SIZE=2>Does anyone know if there's a directive for this?</FONT>
</P>
<BR>
<P><FONT SIZE=2>>From: Ruiyuan Jiang <[EMAIL PROTECTED]></FONT>
<BR><FONT SIZE=2>>Reply-To: [EMAIL PROTECTED]</FONT>
<BR><FONT SIZE=2>>To: "general-l List Member" <[EMAIL
PROTECTED]></FONT>
<BR><FONT SIZE=2>>Subject: [general-l] Compiling ftp proxy {01}</FONT>
<BR><FONT SIZE=2>>Date: Wed, 17 Jul 2002 13:55:34 -0400</FONT>
<BR><FONT SIZE=2>></FONT>
<BR><FONT SIZE=2>>Hi, all</FONT>
<BR><FONT SIZE=2>></FONT>
<BR><FONT SIZE=2>>I am trying to compile ftp.proxy on my SPARC 10 station
(Solaris 2.6, gcc</FONT>
<BR><FONT SIZE=2>>2.95.3). According to the instruction, I did
"make" and I got error </FONT>
<BR><FONT SIZE=2>>message:</FONT>
<BR><FONT SIZE=2>></FONT>
<BR><FONT SIZE=2>>$ make</FONT>
<BR><FONT SIZE=2>>cd src; make ftp.proxy</FONT>
<BR><FONT SIZE=2>>gcc -O2 -Wall -ggdb -c main.c</FONT>
<BR><FONT SIZE=2>>main.c: In function `main':</FONT>
<BR><FONT SIZE=2>>main.c:88: `LOG_FTP' undeclared (first use in this
function)</FONT>
<BR><FONT SIZE=2>>main.c:88: (Each undeclared identifier is reported only
once</FONT>
<BR><FONT SIZE=2>>main.c:88: for each function it appears in.)</FONT>
<BR><FONT SIZE=2>>*** Error code 1</FONT>
<BR><FONT SIZE=2>>make: Fatal error: Command failed for target
`main.o'</FONT>
<BR><FONT SIZE=2>>Current working directory
/export/home/rc6/ftpproxy-1.1.5/src</FONT>
<BR><FONT SIZE=2>>*** Error code 1</FONT>
<BR><FONT SIZE=2>>make: Fatal error: Command failed for target
`ftp.proxy'</FONT>
<BR><FONT SIZE=2>></FONT>
<BR><FONT SIZE=2>></FONT>
<BR><FONT SIZE=2>>Does anyone have any idea what's wrong here? Thanks.</FONT>
<BR><FONT SIZE=2>></FONT>
<BR><FONT SIZE=2>></FONT>
<BR><FONT SIZE=2>>Ryan Jiang</FONT>
<BR><FONT SIZE=2>>Senior UNIX administrator</FONT>
<BR><FONT SIZE=2>>Liz Claiborne, Inc.</FONT>
</P>
<BR>
<BR>
<BR>
</BODY>
</HTML>
</x-html>
From [EMAIL PROTECTED] Thu Jul 18 10:05:40 2002
From: "Jonathan Zuilkowski" <[EMAIL PROTECTED]>
To: "general-l List Member" <[email protected]>
Subject: [general-l] Compiling ftp proxy {04}
Date: Wed, 17 Jul 2002 16:17:11 -0400
<x-flowed>
I think I know what you did.
I think you're trying to build ftp.proxy, this is NOT the same software.
Get the sources from:
ftp://ftp.suse.com/pub/projects/proxy-suite/src/proxy-suite-1.9.tar.gz
and try again.
Sorry for the mis-information in my last reply.
>From: Ruiyuan Jiang <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: "general-l List Member" <[EMAIL PROTECTED]>
>Subject: [general-l] Compiling ftp proxy {03}
>Date: Wed, 17 Jul 2002 16:05:34 -0400
>
>Hi, Jonathan
>
>Can you be more specific? I don't see LOG_FTP directive in Makefile of
>ftp.proxy. How do I make change in /etc/syslog.conf file. Thanks.
>
>
>
>-----Original Message-----
>From: Jonathan Zuilkowski [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, July 17, 2002 3:10 PM
>To: general-l List Member
>Subject: [general-l] Compiling ftp proxy {02}
>
>
>I believe the reason for this is that Solaris 2.6 does not have the LOG_FTP
>facility in the syslog functions.
>
>You might have to change all references to LOG_FTP to LOCAL_[1-9], and set
>LOCAL_(whatever you chose) in the /etc/syslog.conf file.
>
>Does anyone know if there's a directive for this?
>
>
> >From: Ruiyuan Jiang <[EMAIL PROTECTED]>
> >Reply-To: [EMAIL PROTECTED]
> >To: "general-l List Member" <[EMAIL PROTECTED]>
> >Subject: [general-l] Compiling ftp proxy {01}
> >Date: Wed, 17 Jul 2002 13:55:34 -0400
> >
> >Hi, all
> >
> >I am trying to compile ftp.proxy on my SPARC 10 station (Solaris 2.6, gcc
> >2.95.3). According to the instruction, I did "make" and I got error
> >message:
> >
> >$ make
> >cd src; make ftp.proxy
> >gcc -O2 -Wall -ggdb -c main.c
> >main.c: In function `main':
> >main.c:88: `LOG_FTP' undeclared (first use in this function)
> >main.c:88: (Each undeclared identifier is reported only once
> >main.c:88: for each function it appears in.)
> >*** Error code 1
> >make: Fatal error: Command failed for target `main.o'
> >Current working directory /export/home/rc6/ftpproxy-1.1.5/src
> >*** Error code 1
> >make: Fatal error: Command failed for target `ftp.proxy'
> >
> >
> >Does anyone have any idea what's wrong here? Thanks.
> >
> >
> >Ryan Jiang
> >Senior UNIX administrator
> >Liz Claiborne, Inc.
>
>
>
>
>_________________________________________________________________
>Join the world's largest e-mail service with MSN Hotmail.
>http://www.hotmail.com
</x-flowed>
From [EMAIL PROTECTED] Thu Jul 18 10:05:40 2002
From: "Jonathan Zuilkowski" <[EMAIL PROTECTED]>
To: "general-l List Member" <[email protected]>
Subject: [general-l] More LDAP {01}
Date: Wed, 17 Jul 2002 16:38:51 -0400
<x-flowed>
I forgot to mention the reason I was asking about checking the uid and
passwd with bind:
I use SHA1 (netscape directory) for encryption and it's apparently not
supported. I think my suggestion might be easier than trying to implement
SHA1. It would also eliminate the need for encryption (for the aspect
anyway).
</x-flowed>
From [EMAIL PROTECTED] Thu Jul 18 10:05:40 2002
From: "Jonathan Zuilkowski" <[EMAIL PROTECTED]>
To: "general-l List Member" <[email protected]>
Subject: [general-l] LDAP authentication {01}
Date: Wed, 17 Jul 2002 19:02:09 -0400
<x-flowed>
Here is the ldap authenticator for squid that I hacked to make it check for
group membership and check a second server if the first one fails. I needed
to do this because of the lag time when modifying the LDAP tree. This could
probably be done a whole lot better.
I think it would be fairly easy to change the is_member function to check
for the LDAPAuthOKFlag attribute instead.
I'm going to try to get this to work, as it would satisfy the requirement of
SHA1 encrypted passwords.
I'd like to try to modify where needed to get rid of the LDAPBindDN and
LDAPBindPW as well and just use the username and passwords to bind with
directly.
Let me know if this is of interest to anyone and I'll post the source. I
would also like peer review feedback as I'm an amateur.
Thanks.
/***************************************************************************
                          static_group_ldap_auth.c  -  description
                             -------------------
    begin                : Tue Sep 4 2001
    copyright            : (C) 2001 by Jon Zuilkowski, Alan Sparks, Arjan de Vet
    email                : [EMAIL PROTECTED]
 ***************************************************************************/
/***************************************************************************
 *                                                                         *
 *   This program is free software; you can redistribute it and/or modify  *
 *   it under the terms of the GNU General Public License as published by  *
 *   the Free Software Foundation; either version 2 of the License, or     *
 *   (at your option) any later version.                                   *
 *                                                                         *
 ***************************************************************************/
#include <stdio.h>
#include <stdlib.h>     /* atoi, exit */
#include <string.h>     /* strcmp, strtok */
#include <strings.h>    /* strcasecmp */
#include <ctype.h>
#include "/usr/local/netscape/proxy-ldap/include/ldap.h"
#include "/usr/local/netscape/proxy-ldap/include/lber.h"
#define NUL '\0'

/* Remove all whitespace from str in place, so that DNs can be compared. */
char *rmallws(char *str)
{
    char *obuf, *nbuf;

    if (str == NULL)
        return NULL;
    for (obuf = str, nbuf = str; *obuf; ++obuf)
    {
        if (!isspace((unsigned char)*obuf))
            *nbuf++ = *obuf;
    }
    *nbuf = NUL;
    return str;
}
/* Return 1 if a bind as "uid=<user>, <base>" with passwd succeeds, else 0. */
int good_passwd (
    const char *server,
    const int port,
    const char *base,
    const char *uid_att,
    const char *user,
    const char *passwd )
{
    LDAP *ld;
    char dn[255];
    int n, rc;

    /* no null usernames or passwords accepted */
    if (user == NULL || strcmp(user, "") == 0) return 0;
    if (passwd == NULL || strcmp(passwd, "") == 0) return 0;

    /* A small modification for my non-anonymous ldap server */
    /* Karel De Bruyne ([EMAIL PROTECTED]) */
    /* here, I put the correct string in dn */
    /* uid=<username>, <ldapbase> */
    /* snprintf bounds the copy; a name that does not fit in dn is
       rejected instead of being written past the end of the buffer */
    n = snprintf(dn, sizeof(dn), "uid=%s, %s", user, base);
    if (n < 0 || n >= (int)sizeof(dn)) return 0;
    /* end of my modification (kdb) */

    /* attempt server connection */
    if ((ld = ldap_open(server, port)) == NULL) return 0;

    /* attempt bind to server using found DN and provided password */
    rc = ldap_simple_bind_s(ld, dn, passwd);
    ldap_unbind(ld);

    /* if the bind failed, the password is probably no good */
    return rc == LDAP_SUCCESS;
}
/* Return 0 if "uid=<user>,<base>" is a uniquemember of cn=<group>, else 1. */
int is_member (
    const char *server,
    const int port,
    const char *base,
    const char *uid_att,
    const char *user,
    const char *passwd,
    const char *group )
{
    LDAP *ld;
    LDAPMessage *result = NULL, *entry;
    BerElement *ber;
    char *attr;
    char **vals;
    char user_dn[255], filter[255];
    int i, n, rc, found = 0;
    const char *searchbase = "ou=groups,o=x.com", *attribute = "uniquemember";

    /**********************************************************
     *                                                        *
     * This block will determine if the user in question is a *
     * uniquemember of stated group.                          *
     *                                                        *
     * Assumes good password                                  *
     *                                                        *
     * If yes, SUCCESS; else FAILURE                          *
     *                                                        *
     **********************************************************/
    if (user == NULL || passwd == NULL || group == NULL) return 1;

    /* Build the uid=xxx format for the dn; refuse names that do not fit */
    n = snprintf(user_dn, sizeof(user_dn), "uid=%s,%s", user, base);
    if (n < 0 || n >= (int)sizeof(user_dn)) return 1;

    /* Build the cn=xxx format for the group */
    n = snprintf(filter, sizeof(filter), "cn=%s", group);
    if (n < 0 || n >= (int)sizeof(filter)) return 1;

    /* get a handle to an LDAP connection */
    if ((ld = ldap_init(server, port)) == NULL) return 1;

    /* bind to server using DN and password once again */
    if (ldap_simple_bind_s(ld, user_dn, passwd) != LDAP_SUCCESS) {
        ldap_unbind( ld );
        return 1;
    }

    /* find the group object */
    if ( ( rc = ldap_search_s( ld, searchbase, LDAP_SCOPE_SUBTREE,
            filter, NULL, 0, &result )) != LDAP_SUCCESS ) {
        /* diagnostics go to stderr; stdout carries the OK/ERR answers */
        fprintf(stderr, "Res: %i\n\n\n", rc);
        ldap_perror( ld, "ldap_search_s" );
        if ( result == NULL ) {
            ldap_unbind( ld );
            return( 1 );
        }
    }

    /* for each entry, compare every uniquemember value with the user's DN */
    for ( entry = ldap_first_entry( ld, result ); entry != NULL;
          entry = ldap_next_entry( ld, entry ) ) {
        ber = NULL;
        for ( attr = ldap_first_attribute( ld, entry, &ber ); attr != NULL;
              attr = ldap_next_attribute( ld, entry, ber ) ) {
            if ( strcmp(attr, attribute) == 0 &&
                 (vals = ldap_get_values( ld, entry, attr )) != NULL ) {
                for ( i = 0; vals[i] != NULL && !found; i++ ) {
                    rmallws(vals[i]);
                    if ( strcasecmp(user_dn, vals[i]) == 0 )
                        found = 1;
                }
                ldap_value_free( vals );
            }
            ldap_memfree( attr );
            if ( found ) break;
        }
        if ( ber != NULL ) {
            ber_free( ber, 0 );
        }
        if ( found ) break;
    }

    /* release everything exactly once, whichever way the search ended */
    ldap_msgfree( result );
    ldap_unbind( ld );
    return found ? 0 : 1;
}
int main( int argc, char **argv )
{
    char buf[256];
    const char *server, *server2 = NULL;
    int port, port2 = 0;
    const char *base, *base2 = NULL;
    const char *uid_att, *uid_att2 = NULL;
    const char *user;
    const char *passwd;
    const char *group, *group2 = NULL;
    int ok;

    if (argc != 6 && argc != 11) {
        fprintf(stderr, "Usage: ldap_auth <server> <port> <base> <uid-att> <group> "
                "<server2> <port2> <base2> <uid-att2> <group2> %i\n", argc);
        exit(1);
    }
    server = argv[1];
    port = atoi(argv[2]);
    base = argv[3];
    uid_att = argv[4];
    group = argv[5];
    /* the second server is optional: only read it when it was given */
    if (argc == 11) {
        server2 = argv[6];
        port2 = atoi(argv[7]);
        base2 = argv[8];
        uid_att2 = argv[9];
        group2 = argv[10];
    }
    while (fgets(buf, sizeof(buf), stdin) != NULL) {
        /* a line without a password leaves passwd NULL, which
           good_passwd() rejects */
        user = strtok(buf, " \n");
        passwd = strtok(NULL, " \n");
        ok = good_passwd(server, port, base, uid_att, user, passwd) &&
             is_member(server, port, base, uid_att, user, passwd, group) == 0;
        /* check the second server if the first one fails */
        if (!ok && server2 != NULL) {
            ok = good_passwd(server2, port2, base2, uid_att2, user, passwd) &&
                 is_member(server2, port2, base2, uid_att2, user, passwd,
                           group2) == 0;
        }
        printf(ok ? "OK\n" : "ERR\n");
        fflush(stdout);
    }
    exit(0);
}
</x-flowed>
From [EMAIL PROTECTED] Thu Jul 18 10:05:40 2002
From: "Jonathan Zuilkowski" <[EMAIL PROTECTED]>
To: "general-l List Member" <[email protected]>
Subject: [general-l] My ldap_auth function {01}
Date: Wed, 17 Jul 2002 19:45:44 -0400
<x-flowed>
OK. Here's what I've got so far.
This replaces the entire ldap_auth block:
/* ------------------------------------------------------------ **
**
**  Function......:  ldap_auth
**
**  Parameters....:  ld      Pointer to LDAP struct
**                   e       Pointer to result buffer
**                   who     Pointer to user name
**                   pwd     Pointer to user pwd
**
**  Return........:  0 on success
**
**  Purpose.......:  Perform LDAP userauth
**
** ------------------------------------------------------------ */
static int ldap_auth(LDAP *ld, LDAPMessage *e, char *who, char *pwd)
{
    int n, rc;
    char auth_dn[255];
    char *base = "ou=people,o=x.com"; // replace with your dn
    char str[MAX_PATH_SIZE];
    char *v, *p;

    /* test server connection */
    if (ld == NULL || e == NULL)
    {
        misc_die(FL, "ldap_checkauth: ?ld? ?e?");
    }
    /* no null usernames or passwords accepted */
    if (who == NULL || strcmp(who, "") == 0)
    {
        syslog_write(U_WRN,
            "access denied for NULL usernames");
        return -1;
    }
    if (pwd == NULL || strcmp(pwd, "") == 0)
    {
        syslog_write(U_WRN,
            "access denied for NULL passwords");
        return -1;
    }
    /*
    ** check "user enabled" flag if present
    */
    if( (p = config_str(NULL, "LDAPAuthOKFlag", NULL))) {
        misc_strncpy(str, p, sizeof(str));
        if( (v = strchr(str, '='))) {
            *v++ = '\0';
        } else {
            v = 0;
        }
        if(v && strlen(v) && strlen(str)) {
            if(0 != ldap_exists(ld, e, str, v, 0)) {
                syslog_write(U_WRN,
                    "access denied for %s", NIL(who));
                return -1;
            } else {
                syslog_write(T_DBG,
                    "LDAP auth ok-check: '%.256s'='%.256s' passed",
                    NIL(str), NIL(v));
            }
        } else {
            errno = 0;
            misc_die(FL, "ldap_auth: ?LDAPAuthOKFlag?");
        }
    } else {
        syslog_write(T_DBG, "LDAP auth ok-check skipped");
    }
    /* dn=uid=<username>, <ldapbase>; snprintf bounds the copy and a
       name that does not fit in auth_dn is refused */
    n = snprintf(auth_dn, sizeof(auth_dn), "uid=%s, %s", who, base);
    if (n < 0 || n >= (int)sizeof(auth_dn)) {
        syslog_write(U_WRN,
            "access denied for %.256s", NIL(who));
        return -1;
    }
    /* attempt bind to server using found DN and provided password */
    rc = ldap_simple_bind_s(ld, auth_dn, pwd);
    ldap_unbind(ld);
    /* if the bind failed, the password is probably no good */
    return (rc == LDAP_SUCCESS) ? 0 : -1;
}
</x-flowed>
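Both good_passwd() in the earlier message and ldap_auth() above build the bind DN by copying the user name into a 255-byte buffer. As an added example (not code from the list or from proxy-suite), this is one way to build that DN with a length check and RFC 4514 escaping, so that a name such as `x,ou=admins` stays a single uid value. build_user_dn() is a hypothetical helper, the base DN is the sample one from the thread, and refusing control characters is a policy assumption.

```c
#include <stdio.h>
#include <string.h>

/* Append one byte, always leaving room for the terminating NUL. */
static int put(char *out, size_t outlen, size_t *pos, char c)
{
    if (*pos + 1 >= outlen)
        return -1;
    out[(*pos)++] = c;
    return 0;
}

/* Append a whole string, or fail without writing past the end of out. */
static int put_str(char *out, size_t outlen, size_t *pos, const char *s)
{
    for (; *s != '\0'; s++)
        if (put(out, outlen, pos, *s) != 0)
            return -1;
    return 0;
}

/*
 * build_user_dn (hypothetical helper): write "<uid_att>=<user>,<base>" to out.
 * uid_att and base come from configuration and are copied as they are; user
 * comes from the client, so the characters RFC 4514 treats as special are
 * backslash-escaped. Returns the DN length, or -1 (with out set to "") when
 * the name is empty, contains a control character, or the DN does not fit.
 */
int build_user_dn(char *out, size_t outlen, const char *uid_att,
                  const char *user, const char *base)
{
    size_t pos = 0, i, n;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (uid_att == NULL || user == NULL || base == NULL)
        return -1;
    n = strlen(user);
    if (n == 0)
        return -1;                          /* no empty user names */

    if (put_str(out, outlen, &pos, uid_att) != 0 ||
        put(out, outlen, &pos, '=') != 0)
        goto fail;

    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)user[i];
        int esc;

        if (c < 0x20 || c == 0x7f)
            goto fail;                      /* assumption: no control chars */
        /* special everywhere, plus '#'/space first and space last */
        esc = strchr("\"+,;<>\\", c) != NULL ||
              (i == 0 && (c == ' ' || c == '#')) ||
              (i == n - 1 && c == ' ');
        if (esc && put(out, outlen, &pos, '\\') != 0)
            goto fail;
        if (put(out, outlen, &pos, (char)c) != 0)
            goto fail;
    }

    if (put(out, outlen, &pos, ',') != 0 ||
        put_str(out, outlen, &pos, base) != 0)
        goto fail;
    out[pos] = '\0';
    return (int)pos;

fail:
    out[0] = '\0';                          /* never hand back a partial DN */
    return -1;
}

int main(void)
{
    /* Constructed inputs; the base DN is the sample one used in the thread. */
    const char *base = "ou=people,o=x.com";
    const char *names[] = { "jon", "x,ou=admins", "#a " };
    char dn[255];
    size_t i;

    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        if (build_user_dn(dn, sizeof(dn), "uid", names[i], base) < 0)
            printf("%-14s -> rejected\n", names[i]);
        else
            printf("%-14s -> %s\n", names[i], dn);
    }
    return 0;
}
```

The same escaping matters for is_member(), which compares the constructed DN against uniquemember values.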
From [EMAIL PROTECTED] Mon Aug 19 10:26:49 2002
Date: Sun, 11 Aug 2002 15:57:20 +0100 (BST)
From: Mike Fleetwood <[EMAIL PROTECTED]>
To: "general-l List Member" <[email protected]>
Subject: [general-l] [Patch] Recognise multi-line 220 and 331 responses {01}
Hello,
I found that ftp.proxy 1.1.5 and 1.1.6.beta4 do not correctly handle
multi-line responses from an FTP server in some circumstances.
The example output in the explanations below is from my dummy FTP
server shell script I threw together. It is really crude but run from
Inetd/XInetd it works well enough to reveal the 2 problems I have found
so far with ftp.proxy. My dummy FTP server shell script reflects how
MultiNet FTP Server V4.1(16) on a VMS box behaves which ftp.proxy
wouldn't work with.
Multi-line 200 greeting
-----------------------
First, ftp.proxy does not handle some multi-line 200 greetings correctly.
If there is a space in the 4th character it assumes that that line is the
last in the multi-line 200 greeting whether or not it is preceded by a 3
digit status code marking the end of the multi-line response.
For example the following greeting causes ftp.proxy to exit:
220-Welcome to Dummy.COM.
Activity will be monitored.
220 Dummy FTP server ready.
The following syslog messages were recorded:
rockover ftp.proxy[15714]: connected to client: localhost
rockover ftp.proxy[15714]: info: monitor mode: off, ccp: <unset>
rockover ftp.proxy[15714]: connected to server: 127.0.0.1
rockover ftp.proxy[15714]: -ERR: unexpected server greeting:
Activity will be monitored.
And with debugging enabled (-d -d) stderr reported the following:
>>> CLI: 220 server ready - login please
select max= 0
>>> CLI: 530 login first
select max= 0
>>> CLI: 530 login first
select max= 0
>>> CLI: 331 password required
select max= 0
select max= 6
SVR >>>: 220-Welcome to Dummy.COM.
SVR >>>: Activity will be monitored.
>>> CLI: 500 service unavailable
The fault is in ftp.c:dologin() where it is skipping lines looking for
the 200 Server ready greeting. My fix is to skip lines until a line
starting with 3 digits and a space rather than just a space in the 4th
column.
Multi-line 331 password request
-------------------------------
Secondly, ftp.proxy totally confuses the ftp client if the server sends
a multi-line 331 password required response. After the proxy asks
the client for the password it sends part of the 331 multi-line password
required response to the client along with a 230 login successful. The
ftp client is confused, just sits there and eventually times out. In
the ftp client you see the following:
[EMAIL PROTECTED] mike]# ftp localhost 1200
Connected to localhost.
220 server ready - login please
530 login first
530 login first
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): username
331 password required
Password:
331-Connected at Sun Aug 11 11:30:16 BST 2002
230 login accepted
421 Service not available, remote server has closed connection
Login failed.
No control connection for command: No such file or directory
ftp> quit
The system log shows:
rockover ftp.proxy-1.1.5+1fix.exe[15841]: connected to client:
localhost
rockover ftp.proxy-1.1.5+1fix.exe[15841]: info: monitor mode: off,
ccp: <unset>
rockover ftp.proxy-1.1.5+1fix.exe[15841]: connected to server:
127.0.0.1
rockover ftp.proxy-1.1.5+1fix.exe[15841]: login accepted:
[EMAIL PROTECTED]
rockover ftp.proxy-1.1.5+1fix.exe[15841]: connection timedout:
client= localhost, server= 127.0.0.1:21
rockover ftp.proxy-1.1.5+1fix.exe[15841]: +OK: proxy terminating
And the stderr recorded:
>>> CLI: 220 server ready - login please
select max= 0
>>> CLI: 530 login first
select max= 0
>>> CLI: 530 login first
select max= 0
>>> CLI: 331 password required
select max= 0
select max= 6
SVR >>>: 220-Welcome to Dummy.COM.
SVR >>>: Activity will be monitored.
SVR >>>: 220 Dummy FTP server ready.
>>> SVR: USER username
select max= 6
SVR >>>: 331-Connected at Sun Aug 11 11:30:16 BST 2002
>>> CLI: 331-Connected at Sun Aug 11 11:30:16 BST 2002
select max= 6
SVR >>>: 331 User "username" OK. Password, please.
>>> SVR: PASS password
select max= 6
SVR >>>: 230 Login successful. Have fun.
>>> CLI: 230 login accepted
select max= 0
My fix is to change ftp.c:sfputc() so that multi-line 331 password
required responses are not sent to the client. All single line responses
are already not sent to the client by sfputc(). I don't particularly
like this fix but it is the best I can do without full understanding
which functions implement which bits of the FTP protocol.
Attached is my fix for these problems and my dummy FTP server shell
script.
Mike
--
__ __ _ _ ___ ____ _ ___ ___ _ ___ ___ _
| \/ (_| | _ / _ \ | ___| | / _ \/ _ \| |_ _ _ _/ \/ \ _| |
| |\/| | | |/ | ___| | _| | |_| __| ___| __| \/ \/| O | O / _ |
|_| |_|_|_|\_\\___| |_| |____\___|\___||____\_/^\_/\___/\___/\___|
Attachment Converted: "d:\programme\qualcomm\eudora\attach\dummyftpd1"
Attachment Converted:
"d:\programme\qualcomm\eudora\attach\ftpproxy-1.1.6.beta4+multi-line1.dif"
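The termination rule Mike describes, as an added example that is not his patch and not ftp.proxy code: a reply reader that ends a multi-line reply only at a line carrying the opening code followed by a space (the RFC 959 rule, slightly stricter than "3 digits and a space"), next to a model of the column-4 check. ftp_parse_reply() is a hypothetical name; the sample replies are constructed from the ones quoted in the message, and the four leading spaces on the continuation line are an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Return the three-digit reply code a line starts with, or -1 if none. */
static int line_code(const char *line, size_t len)
{
    if (len < 3 || line[0] < '1' || line[0] > '5' ||
        !isdigit((unsigned char)line[1]) || !isdigit((unsigned char)line[2]))
        return -1;
    return (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
}

/*
 * Scan buf[0..len) for one complete FTP reply.
 *   strict != 0: a multi-line reply ends at "ddd " carrying the opening code
 *   strict == 0: model of the behaviour described above, where any line
 *                with a space in column 4 ends the reply
 * Returns the code read from the terminating line (-1 if that line has no
 * code, i.e. an unexpected reply), or 0 if the reply is not complete yet.
 * *used gets the bytes consumed, *final_off the offset of the last line.
 */
int ftp_parse_reply(const char *buf, size_t len, int strict,
                    size_t *used, size_t *final_off)
{
    size_t pos = 0;
    int first = 1, code = -1;

    while (pos < len) {
        const char *line = buf + pos;
        const char *nl = memchr(line, '\n', len - pos);
        size_t llen;
        int c, end;

        if (nl == NULL)
            return 0;                   /* partial line: wait for more data */
        llen = (size_t)(nl - line);
        if (llen > 0 && line[llen - 1] == '\r')
            llen--;                     /* accept CRLF and bare LF */
        c = line_code(line, llen);

        if (first) {
            first = 0;
            code = c;
            /* single-line reply, or a first line that is no reply at all */
            end = (c < 0) || llen == 3 || line[3] != '-';
        } else if (strict) {
            end = (c == code && llen >= 4 && line[3] == ' ');
        } else {
            end = (llen >= 4 && line[3] == ' ');
        }
        if (end) {
            *used = (size_t)(nl - buf) + 1;
            *final_off = pos;
            return c;
        }
        pos = (size_t)(nl - buf) + 1;
    }
    return 0;
}

/* Constructed samples based on the replies quoted in the message above;
 * the leading spaces on the continuation line are an assumption. */
static const char GREETING[] =
    "220-Welcome to Dummy.COM.\r\n"
    "    Activity will be monitored.\r\n"
    "220 Dummy FTP server ready.\r\n";
static const char PASSREQ[] =
    "331-Connected at Sun Aug 11 11:30:16 BST 2002\r\n"
    "331 User \"username\" OK. Password, please.\r\n"
    "230 Login successful. Have fun.\r\n";

int main(void)
{
    size_t used = 0, off = 0;
    int rc;

    rc = ftp_parse_reply(GREETING, strlen(GREETING), 0, &used, &off);
    printf("column-4 check : code %d, stopped at offset %lu\n",
           rc, (unsigned long)off);
    rc = ftp_parse_reply(GREETING, strlen(GREETING), 1, &used, &off);
    printf("code + space   : code %d, consumed %lu bytes\n",
           rc, (unsigned long)used);
    rc = ftp_parse_reply(PASSREQ, strlen(PASSREQ), 1, &used, &off);
    printf("331 reply      : code %d, next reply starts at offset %lu\n",
           rc, (unsigned long)used);
    return 0;
}
```

Consuming the whole 331 reply as one unit is what keeps its first line from being forwarded to the client on its own.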
From [EMAIL PROTECTED] Mon Aug 19 10:26:50 2002
Date: Thu, 15 Aug 2002 12:00:42 +0200
From: Chris Osicki <[EMAIL PROTECTED]>
To: "general-l List Member" <[email protected]>
Subject: [general-l] -ERR: unexpected server greeting {01}
Hi,
I've just installed ftp.proxy and am impressed.
It has however problems connecting to certain servers like ftp.sgi.com
What I see in logs is:
Aug 15 11:54:36 [ftp.proxy] connected to server: ftp.sgi.com
Aug 15 11:54:36 [ftp.proxy] -ERR: unexpected server greeting:
_
Aug 15 11:54:36 [inetd] pid 13537: exit status 1
Please note the _ at the end of second log line.
Any ideas?
Thanks for your time.
Regards,
Chris