<x-flowed>
Greg,

 Thanks a lot for offering the patch. I too downloaded v1.1.5 and 
applied your patch.

 It looks like ftp.proxy does not do local authentication properly. I 
mean to say, it just provides access even if we provide a wrong password.

 If you wish I can send you the strace output or what you prefer.

 I'm trying on Red Hat Enterprise Linux 3; is this OS specific?


thanks,
saravan

Greg Lyons wrote:

>I had the same requirement a few years back, and I created the following
>patch against 1.1.5.  If ftp.proxy is invoked with the "-2" switch, it
>will act exactly as you describe.  It also allows the user to use the
>"SITE" command instead of the "USER" command to connect to the remote
>site after authentication.  I have no idea whether this patch applies
>cleanly to the current source tree.
>
>
>diff -ruNd ftp-old/ftpproxy-1.1.5/Makefile ftp-new/ftpproxy-1.1.5/Makefile
>--- ftp-old/ftpproxy-1.1.5/Makefile    Thu Jan 24 12:44:16 2002
>+++ ftp-new/ftpproxy-1.1.5/Makefile    Wed May  8 10:27:55 2002
>@@ -1,6 +1,8 @@
> 
> DIR =         ftpproxy-1.1.5
> TAR =         ftpproxy-1.1.5
>+PREFIX = /usr
>+ETC = /etc
> 
> 
> TARGETS =     ftp.proxy
>@@ -10,8 +12,9 @@
>       cd src; make all 
> 
> install:      all
>-      cd src; strip $(TARGETS)  &&  cp $(TARGETS) /usr/local/sbin
>-      cd doc; cp *.1 /usr/local/man/man1
>+      cd src; strip $(TARGETS)  &&  cp $(TARGETS) $(PREFIX)/sbin
>+      cd doc; cp *.1 $(PREFIX)/man/man1
>+      cd xinetd.d; cp ftpproxy $(ETC)/xinetd.d
> 
> 
> ftp.proxy:
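
Review bot: the install target now writes to $(PREFIX)/sbin and $(PREFIX)/man/man1 with PREFIX defaulting to /usr, so a plain "make install" no longer lands in /usr/local and an earlier /usr/local/sbin/ftp.proxy is left in place beside the new one; defaulting PREFIX to /usr/local would keep the old behaviour for anyone who does not override it. The added "cp ftpproxy $(ETC)/xinetd.d" also overwrites an existing service file on every install; a separate install-xinetd target would make that an explicit choice.
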
>diff -ruNd ftp-old/ftpproxy-1.1.5/doc/ftp.proxy.1 
>ftp-new/ftpproxy-1.1.5/doc/ftp.proxy.1
>--- ftp-old/ftpproxy-1.1.5/doc/ftp.proxy.1     Mon Feb  4 11:57:01 2002
>+++ ftp-new/ftpproxy-1.1.5/doc/ftp.proxy.1     Wed May  8 10:25:21 2002
>@@ -236,6 +236,19 @@
> set \fIprefix\fR as variable prefix for the variable passwd to the access
> and command control program.
> .TP
>+\fB-2\fR
>+Use two-phase authentication.  In this scenario, the user issues the USER and
>+PASS commands for local authentication only.  Then, the user can issue remote
>+USER <user>@<site> and PASS commands, or alternatively, a SITE command to
>+connect to a site without authenticating.
>+.TP
>+\fB-f\fR
>+When two-phase authentication is in place, this option allows for fast
>+verification of local credentials.  This allows immediate feedback for the
>+user if the local username/password are incorrect.  The drawback is that your
>+ACP cannot restrict remote hostnames or usernames, since they haven't been
>+entered yet.
>+.TP
> \fB-V\fR
> show version number
> .TP
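
Review bot: the -2 entry says USER and PASS are "for local authentication only" but does not say what verifies them; in dologin() the only check on the local username and password is run_acp(), and that call is made only when an ACP is configured (*x->config->acp != 0). The entry should state that -2 needs an ACP (the -a option used in the xinetd file), and that without -f the local credentials are not checked until after the remote USER or SITE command has been read. The -f entry should also say what happens when -f is given without -2.
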
>diff -ruNd ftp-old/ftpproxy-1.1.5/src/ftp.c ftp-new/ftpproxy-1.1.5/src/ftp.c
>--- ftp-old/ftpproxy-1.1.5/src/ftp.c   Mon Feb  4 11:11:21 2002
>+++ ftp-new/ftpproxy-1.1.5/src/ftp.c   Tue Jul 22 11:10:58 2003
>@@ -73,6 +73,7 @@
>     { "MDTM", 1, 1, 1,        257, 1 },
>     { "MKD",  1, 1, 1,        257, 1 },
>     { "MODE", 1, 0, 0,        200, 0 },
>+    { "PASS", 1, 0, 0,    0, 0 },
>     { "PWD",  0, 0, 0,        257, 0 },
>     { "QUIT", 0, 0, 0,        221, 0 },
>     { "REIN", 0, 0, 0,        0, /* 220, */ 0 },      /* wird nicht 
> unterstuetzt */
>@@ -87,6 +88,7 @@
>     { "STRU", 1, 0, 0,        0, /* 200, */ 0 },      /* wird nicht 
> unterstuetzt */
>     { "SYST", 0, 0, 0,        215, 0 },
>     { "TYPE", 1, 0, 0,        200, 0 },
>+    { "USER", 1, 0, 1,    0, 1 },
>     { "XCUP", 1, 1, 1,        200, 1 },
>     { "XCWD", 1, 1, 1,        250, 1 },
>     { "XMKD", 1, 1, 1,        257, 1 },
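
Review bot: the new "PASS" and "USER" rows in this hunk and the previous one carry 0 in the response-code column, the same value the REIN and STRU rows have next to their "wird nicht unterstuetzt" (not supported) comments, so the table does not show whether a USER or PASS sent after login is forwarded or refused. A short comment on the two rows saying they exist for the SITE path, and what a 0 response code means for them, would settle it.
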
>@@ -1203,19 +1205,19 @@
>       return (CCP_ERROR);
> }
> 
>-
>       /*
>-       * dologin() accepts now blanks with in and at the end of
>-       * passwords - 22JAN02asg
>+       * if local == 1, local user and password are collected.  Otherwise,
>+       * the remote username and password are collected.  If -2 command line
>+       * argument is used, SITE command is also accepted for remote 
>invocation.
>+       *
>+       * Returns -1 if SITE command was used, 0 if USER was used.  Positive
>+       * number on error.
>        */
>-
>-int dologin(ftp_t *x)
>+int get_user_pass(ftp_t *x, int local)
> {
>-      int     c, i, rc;
>-      char    *p, word[80], line[300];
>-      struct hostent *hostp;
>-      struct sockaddr_in saddr;
>-                      
>+      char line[300], *p, word[80];
>+      int i, c, site = 0;
>+
>       while (1) {
>               if (readline_fd(x, 0, line, sizeof(line)) == NULL)
>                       return (1);
>@@ -1234,19 +1236,38 @@
>               get_word(&p, word, sizeof(word));
>               strupr(word);
>               if (strcmp(word, "USER") == 0) {
>-                      get_word(&p, x->username, sizeof(x->username));
>+                      if (local == 1)
>+                              get_word(&p, x->local.username, 
>sizeof(x->local.username));
>+                      else
>+                              get_word(&p, x->username, sizeof(x->username));
>                       cfputs(x, "331 password required");
>                       }
>               else if (strcmp(word, "PASS") == 0) {
>-                      if (*x->username == 0) {
>-                              cfputs(x, "503 give USER first");
>-                              continue;
>+                      if (local == 1) {
>+                              if (*x->local.username == 0) {
>+                                      cfputs(x, "503 give USER first");
>+                                      continue;
>+                                      }
>+                              }
>+                      else {
>+                              if (*x->username == 0) {
>+                                      cfputs(x, "503 give USER first");
>+                                      continue;
>+                                      }
>                               }
> 
>-                      if (x->config->allow_passwdblanks == 0)
>-                              get_word(&p, x->password, sizeof(x->password)); 
>-                      else
>-                              copy_string(x->password, p, 
>sizeof(x->password));
>+                      if (local == 1) {
>+                              if (x->config->allow_passwdblanks == 0)
>+                                      get_word(&p, x->local.password, 
>sizeof(x->local.password)); 
>+                              else
>+                                      copy_string(x->local.password, p, 
>sizeof(x->local.password));
>+                              }
>+                      else {
>+                              if (x->config->allow_passwdblanks == 0)
>+                                      get_word(&p, x->password, 
>sizeof(x->password)); 
>+                              else
>+                                      copy_string(x->password, p, 
>sizeof(x->password));
>+                              }
> 
>                       break;
>                       }
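
Review bot: the "local == 1" test is repeated for the USER argument, for the "503 give USER first" check and for the password copy, which triples the branches in this hunk. Choosing the destination buffers and their sizes once at the top of get_user_pass(), pointing at either x->local.username / x->local.password or x->username / x->password, would leave a single copy of each branch and remove the chance of the two copies drifting apart.
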
>@@ -1254,42 +1275,109 @@
>                       cfputs(x, "221 goodbye");
>                       return (2);
>                       }
>+              else if ((strcmp(word, "SITE") == 0) && (x->config->phaseauth 
>== 1) && (local == 0)) {
>+                      get_word(&p, x->server.name, sizeof(x->server.name));
>+                      site = -1;
>+                      break;
>+                      }
>               else {
>                       cfputs(x, "530 login first");
>                       }
>               }
>+      return site;
>+}
>+
>+      /*
>+       * dologin() accepts now blanks with in and at the end of
>+       * passwords - 22JAN02asg
>+       *
>+       *  * It also support two-phase authentication (-2 on the command
>+       *    line), whereby a user can login using local credentials, then
>+       *    issue the USER and PASS commands again using the
>+       *    USER <user>@<host> syntax.
>+       *  * Also added is the ability to use the SITE command to connect
>+       *    to the remote site without logging in to it remote USER and
>+       *    PASS commands can be issued later.
>+       *  * When two-phase auth is used, an available option is to verify
>+       *    the user's local user and password before expecting the remote
>+       *    USER or SITE command (-f on the command line)
>+       * 6MAY02gdl
>+       */
> 
>+int dologin(ftp_t *x)
>+{
>+      int     rc, site = 0;
>+      char    *p, line[300], code[4];
>+      struct hostent *hostp;
>+      struct sockaddr_in saddr;
>+                      
>+      /*
>+       * Get local username and password first
>+       */
>+      if (x->config->phaseauth == 1) {
>+              site = get_user_pass(x, 1);
>+              if (site > 0) {
>+                      return site;
>+                      }
> 
>-      if (x->config->selectserver == 0) {
>-              if ((p = strchr(x->username, '@')) != NULL  &&  (p = 
>strchr(x->username, '%')) != NULL) {
>-                      cfputs(x, "500 service unavailable");
>-                      syslog(LOG_NOTICE, "-ERR: hostname supplied: %s", p);
>-                      exit (1);
>+              if (x->config->fastauth == 1) {
>+                      if (*x->config->acp != 0) {
>+                              if (run_acp(x) != 0)
>+                                      exit (0);
>+                              }
>+                      cfputs(x, "230- ");
>+                      cfputs(x, "230- Login accepted.");
>+                      cfputs(x, "230- ");
>+                      cfputs(x, "230- Depending on your FTP client, you may 
>now connect using one of two");
>+                      cfputs(x, "230- commands:");
>+                      cfputs(x, "230- user <remoteuser>@<remotehost>");
>+                      cfputs(x, "230-     - OR -");
>+                      cfputs(x, "230- quote site <remotehost>");
>+                      cfputs(x, "230 ");
>                       }
>+              }
> 
>-              copy_string(x->server.name, x->config->u.server, 
>sizeof(x->server.name));
>+      /*
>+       * Get remote USER or SITE command
>+       */
>+      site = get_user_pass(x, 0);
>+      if (site > 0) {
>+              return site;
>               }
>-      else {
> 
>-              /*
>-               * Es wird das erste Vorkommen des @-Zeichens gesucht, nicht das
>-               * letzte, da sonst Proxy-Routing durch den Client ermoeglicht
>-               * wird.
>-               */
>+      if (site != -1) {
> 
>-              if ((p = strchr(x->username, '@')) == NULL  &&  (p = 
>strchr(x->username, '%')) == NULL) {
>-                      cfputs(x, "500 service unavailable");
>-                      syslog(LOG_NOTICE, "-ERR: missing hostname");
>-                      exit (1);
>+              if (x->config->selectserver == 0) {
>+                      if ((p = strrchr(x->username, '@')) != NULL  &&  (p = 
>strrchr(x->username, '%')) != NULL) {
>+                              cfputs(x, "500 service unavailable");
>+                              syslog(LOG_NOTICE, "-ERR: hostname supplied: 
>%s", p);
>+                              exit (1);
>+                              }
>+
>+                      copy_string(x->server.name, x->config->u.server, 
>sizeof(x->server.name));
>                       }
>+              else {
> 
>-              *p++ = 0;
>-              copy_string(x->server.name, p, sizeof(x->server.name));
>+                      /*
>+                      * Es wird das erste Vorkommen des @-Zeichens gesucht, 
>nicht das
>+                      * letzte, da sonst Proxy-Routing durch den Client 
>ermoeglicht
>+                      * wird.
>+                      */
>+
>+                      if ((p = strrchr(x->username, '@')) == NULL  &&  (p = 
>strrchr(x->username, '%')) == NULL) {
>+                              cfputs(x, "500 service unavailable");
>+                              syslog(LOG_NOTICE, "-ERR: missing hostname");
>+                              exit (1);
>+                              }
>+
>+                      *p++ = 0;
>+                      copy_string(x->server.name, p, sizeof(x->server.name));
>+                      }
> 
>               /*
>-               * Den Server auf der Serverliste suchen, wenn eine Liste
>-               * vorhanden ist.
>-               */
>+              * Den Server auf der Serverliste suchen, wenn eine Liste
>+              * vorhanden ist.
>+              */
> 
>               if ((p = x->config->u.serverlist) != NULL  &&  *p != 0) {
>                       int     permitted;
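
Review bot: the SITE branch copies the client's argument straight into x->server.name and returns -1, and dologin() then skips the whole "if (site != -1)" block, so with -2 a client can name any host even when selectserver is 0 and x->config->u.server is meant to be the only destination; the serverlist lookup that follows sits at the same indentation and looks to be skipped as well. The selectserver and serverlist checks should run for the SITE path too. Separately, strchr() became strrchr() for '@' and '%' while the comment above it still says the first occurrence is searched, not the last, because otherwise the client could do proxy routing; either keep strchr() or explain in the comment why the last occurrence is now acceptable.
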
>@@ -1332,25 +1420,30 @@
>        * Wenn vorhanden Proxy Login und Passwort auslesen.
>        */
> 
>-      if ((p = strchr(x->username, ':')) != NULL) {
>-              *p++ = 0;
>-              copy_string(x->local.username, x->username, 
>sizeof(x->local.username));
>-              copy_string(x->username, p, sizeof(x->username));
>-              }
>+      if (x->config->phaseauth == 0) {
>+              if ((p = strchr(x->username, ':')) != NULL) {
>+                      *p++ = 0;
>+                      copy_string(x->local.username, x->username, 
>sizeof(x->local.username));
>+                      copy_string(x->username, p, sizeof(x->username));
>+                      }
> 
>-      if ((p = strchr(x->password, ':')) != NULL) {
>-              *p++ = 0;
>-              copy_string(x->local.password, x->password, 
>sizeof(x->local.password));
>-              copy_string(x->password, p, sizeof(x->password));
>+              if ((p = strchr(x->password, ':')) != NULL) {
>+                      *p++ = 0;
>+                      copy_string(x->local.password, x->password, 
>sizeof(x->local.password));
>+                      copy_string(x->password, p, sizeof(x->password));
>+                      }
>               }
> 
>+
>       /*
>        * Access Control Programm starten
>        */
> 
>-      if (*x->config->acp != 0) {
>-              if (run_acp(x) != 0)
>-                      exit (0);
>+      if (x->config->fastauth != 1) {
>+              if (*x->config->acp != 0) {
>+                      if (run_acp(x) != 0)
>+                              exit (0);
>+                      }
>               }
> 
>       /*
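
Review bot: wrapping run_acp() in "if (x->config->fastauth != 1)" means the ACP never runs at this point when -f is set, and the earlier run_acp() call sits inside "if (x->config->phaseauth == 1)", so -f given without -2 switches the access control program off altogether. Skip this call only when both phaseauth and fastauth are 1, or reject -f without -2 when the options are parsed in main.c.
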
>@@ -1367,10 +1460,14 @@
> 
> 
>       sfgets(x, line, sizeof(line));
>-      while (line[3] != ' ') {
>-              if (sfgets(x, line, sizeof(line)) == NULL) {
>-                      syslog(LOG_NOTICE, "-ERR: lost server while reading 
>client greeting: %s", x->server.name);
>-                      exit (1);
>+      strncpy(code, line, 3);
>+      code[4] = '\0';
>+      if (line[3] != ' ') {
>+              while(! ((strncmp(code, line, 3) == 0) && (line[3] == ' ' || 
>line[3] == '\0'))) {
>+                      if (sfgets(x, line, sizeof(line)) == NULL) {
>+                              syslog(LOG_NOTICE, "-ERR: lost server while 
>reading client greeting: %s", x->server.name);
>+                              exit (1);
>+                              }
>                       }
>               }
> 
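
Review bot: "code[4] = '\0';" writes one byte past the end of code, which dologin() declares as "char code[4]", and leaves code[3] unset; the index should be 3. The return value of the first sfgets() is still not checked before line is copied into code and line[3] is tested, so a lost server connection at that point is handled on whatever the buffer held; check it for NULL the same way the loop does.
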
>@@ -1388,48 +1485,35 @@
>        *
>        */
> 
>-      rc = sfputc(x, "USER", x->username, line, sizeof(line), NULL);
>-
>-      if (rc == 230) {
>-              cfputs(x, "230 login accepted");
>-              syslog(LOG_NOTICE, "login accepted: [EMAIL PROTECTED], no 
>password needed.", x->username, x->server.name);
>-              return (0);
>-              }
>-      else if (rc != 331) {
>-              cfputs(x, "500 service unavailable");
>-              syslog(LOG_NOTICE, "-ERR: unexpected reply to USER: %s", line);
>-              exit (1);
>-              }
>-      else if (sfputc(x, "PASS", x->password, line, sizeof(line), NULL) != 
>230) {
>-              cfputs(x, "530 bad login");
>-              syslog(LOG_NOTICE, "-ERR: reply to PASS: %s", line);
>-              exit (1);
>-              }
>-
>-      cfputs(x, "230 login accepted");
>-      syslog(LOG_NOTICE, "login accepted: [EMAIL PROTECTED]", x->username, 
>x->server.name);
>+      /* only login if USER [EMAIL PROTECTED] was given.  SITE doesn't 
>require login */
>+      if (site != -1) {
>+              rc = sfputc(x, "USER", x->username, line, sizeof(line), NULL);
> 
>-      return (0);
>+              if (rc == 230) {
>+                      cfputs(x, "230-login accepted");
>+                      cfputs(x, "230 ");
>+                      syslog(LOG_NOTICE, "login accepted: [EMAIL PROTECTED], 
>no password needed.", x->username, x->server.name);
>+                      return (0);
>+                      }
>+              else if (rc != 331) {
>+                      cfputs(x, "500 service unavailable");
>+                      syslog(LOG_NOTICE, "-ERR: unexpected reply to USER: 
>%s", line);
>+                      exit (1);
>+                      }
>+              else if (sfputc(x, "PASS", x->password, line, sizeof(line), 
>NULL) != 230) {
>+                      cfputs(x, "530 bad login");
>+                      syslog(LOG_NOTICE, "-ERR: reply to PASS: %s", line);
>+                      exit (1);
>+                      }
> 
>-/*
>-      if (sfputc(x, "USER", x->username, line, sizeof(line), NULL) != 331) {
>-              cfputs(x, "500 service unavailable");
>-              syslog(LOG_NOTICE, "-ERR: unexpected reply to USER: %s", line);
>-              exit (1);
>-              }
>-      else if (sfputc(x, "PASS", x->password, line, sizeof(line), NULL) != 
>230) {
>-              cfputs(x, "530 bad login");
>-              syslog(LOG_NOTICE, "-ERR: reply to PASS: %s", line);
>-              exit (1);
>+              cfputs(x, "230-login accepted");
>+              cfputs(x, "230 ");
>+              syslog(LOG_NOTICE, "login accepted: [EMAIL PROTECTED]", 
>x->username, x->server.name);
>               }
>-
>-      cfputs(x, "230 login accepted");
>-      syslog(LOG_NOTICE, "login accepted: [EMAIL PROTECTED]", x->username, 
>x->server.name);
>+      else
>+              cfputs(x, "220 connected to remote FTP server");
> 
>       return (0);
>-*/
>-
>-
> }
> 
> 
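
Review bot: the new else branch for site == -1 sends "220 connected to remote FTP server" and returns 0 without a syslog() call, so a session opened with SITE leaves no record of the local user or of x->server.name, unlike the USER path, which logs "login accepted". Add a LOG_NOTICE line to that branch. The branch also returns the same 0 as a completed remote login, so the caller cannot tell that no remote USER/PASS exchange has taken place yet.
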
>diff -ruNd ftp-old/ftpproxy-1.1.5/src/ftp.h ftp-new/ftpproxy-1.1.5/src/ftp.h
>--- ftp-old/ftpproxy-1.1.5/src/ftp.h   Thu Jan 31 11:52:27 2002
>+++ ftp-new/ftpproxy-1.1.5/src/ftp.h   Wed May  8 10:25:21 2002
>@@ -58,6 +58,9 @@
> 
>     int               numeric_only;
>     unsigned int dataport;
>+
>+    int               fastauth;
>+    int               phaseauth;
>     } config_t;
> 
> 
>diff -ruNd ftp-old/ftpproxy-1.1.5/src/main.c ftp-new/ftpproxy-1.1.5/src/main.c
>--- ftp-old/ftpproxy-1.1.5/src/main.c  Mon Feb  4 12:00:27 2002
>+++ ftp-new/ftpproxy-1.1.5/src/main.c  Wed May  8 10:25:21 2002
>@@ -115,6 +115,10 @@
>                               }
>                       else if (c == 'e')
>                               config->selectserver = 1;
>+                      else if (c == 'f')
>+                              config->fastauth = 1;
>+                      else if (c == '2')
>+                              config->phaseauth = 1;
>                       else if (c == 'l')
>                               extralog = 1;
>                       else if (c == 'm')
>diff -ruNd ftp-old/ftpproxy-1.1.5/src/tags ftp-new/ftpproxy-1.1.5/src/tags
>--- ftp-old/ftpproxy-1.1.5/src/tags    Mon Feb  4 12:01:34 2002
>+++ ftp-new/ftpproxy-1.1.5/src/tags    Thu Jun 13 20:37:29 2002
>@@ -2,20 +2,20 @@
> !_TAG_FILE_SORTED     1       /0=unsorted, 1=sorted/
> !_TAG_PROGRAM_AUTHOR  Darren Hiebert  /[EMAIL PROTECTED]/
> !_TAG_PROGRAM_NAME    Exuberant Ctags //
>-!_TAG_PROGRAM_URL     http://darren.hiebert.com/ctags/        /official site/
>-!_TAG_PROGRAM_VERSION 3.3.1   /with C, C++, Eiffel, Fortran, and Java  
>support/
>-CCP_ERROR     ftp.h   68;"    d
>-CCP_OK        ftp.h   67;"    d
>+!_TAG_PROGRAM_URL     http://ctags.sourceforge.net    /official site/
>+!_TAG_PROGRAM_VERSION 5.0.1   //
>+CCP_ERROR     ftp.h   71;"    d
>+CCP_OK        ftp.h   70;"    d
> DEBUG lib.c   35;"    d       file:
>-DIR_MAXDEPTH  ftp.h   64;"    d
>+DIR_MAXDEPTH  ftp.h   67;"    d
> FTPMAXBSIZE   ftp.h   36;"    d
>-MODE_PASSIVE  ftp.h   76;"    d
>-MODE_PORT     ftp.h   75;"    d
>-OP_GET        ftp.h   78;"    d
>-OP_PUT        ftp.h   79;"    d
>-PORT_CLOSED   ftp.h   73;"    d
>-PORT_CONNECTED        ftp.h   72;"    d
>-PORT_LISTEN   ftp.h   71;"    d
>+MODE_PASSIVE  ftp.h   79;"    d
>+MODE_PORT     ftp.h   78;"    d
>+OP_GET        ftp.h   81;"    d
>+OP_PUT        ftp.h   82;"    d
>+PORT_CLOSED   ftp.h   76;"    d
>+PORT_CONNECTED        ftp.h   75;"    d
>+PORT_LISTEN   ftp.h   74;"    d
> _FTP_INCLUDED ftp.h   26;"    d
> _IP_LIB_INCLUDED      ip-lib.h        25;"    d
> _LIB_INCLUDED lib.h   24;"    d
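
Review bot: src/tags is generated output (its header names Exuberant Ctags, and the changes in this hunk are a tool version bump and shifted ftp.h line numbers), so it adds noise to the patch and will conflict the next time anyone regenerates it. Drop src/tags from the diff.
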
>@@ -70,6 +70,7 @@
> doquit        ftp.c   /^int doquit(ftp_t *x)$/;"      f
> dtc_t ftp.h   /^    } dtc_t;$/;"      t
> extralog      main.c  /^int   extralog =              0;$/;"  v
>+fastauth      ftp.h   /^    int               fastauth;$/;"   m       
>struct:_config
> fd    ftp.h   /^      } fd;$/;"       m       struct:_ftp
> fdset ftp.h   /^      fd_set          fdset;$/;"      m       
> struct:_ftp::<anonymous>
> filename      ftp.h   /^    char      filename[200];$/;"      m       
> struct:_dtc
>@@ -82,6 +83,7 @@
> get_interface_info    ftp.c   /^unsigned get_interface_info(int pfd, char 
> *ip, int max)$/;"   f
> get_port      ip-lib.c        /^unsigned int get_port(char *server, unsigned 
> int def_port)$/;"        f
> get_quoted    lib.c   /^char *get_quoted(char **from, int delim, char *to, 
> int max)$/;"       f
>+get_user_pass ftp.c   /^int get_user_pass(ftp_t *x, int local)$/;"    f
> get_word      lib.c   /^char *get_word(char **from, char *to, int maxlen)$/;" 
> f
> getc_fd       ftp.c   /^int getc_fd(ftp_t *x, int fd)$/;"     f
> getcmd        ftp.c   /^ftpcmd_t *getcmd(char *name)$/;"      f
>@@ -95,11 +97,11 @@
> ipnum ftp.h   /^    char      ipnum[80];$/;"  m       struct:_port
> islowercase   lib.c   /^int islowercase(unsigned int c)$/;"   f
> isock ftp.h   /^    int               isock;$/;"      m       struct:_dtc
>-ispath        ftp.c   /^    int               par, ispath, useccp;$/;"        
>m       struct:_ftpcmd
>+ispath        ftp.c   /^    int               par, ispath, useccp;$/;"        
>m       struct:_ftpcmd  file:
> isuppercase   lib.c   /^int isuppercase(unsigned int c)$/;"   f
> len   ftp.h   /^    int               here, len;$/;"  m       struct:_bio
> local ftp.h   /^      } local;$/;"    m       struct:_ftp
>-log   ftp.c   /^    int               log;$/;"        m       struct:_ftpcmd
>+log   ftp.c   /^    int               log;$/;"        m       struct:_ftpcmd  
>file:
> lower lib.c   /^static unsigned int lower[256], upper[256];$/;"       v       
> file:
> lowercase     lib.c   /^unsigned int lowercase(unsigned int c)$/;"    f
> main  main.c  /^int main(int argc, char *argv[], char *envp[])$/;"    f
>@@ -107,7 +109,7 @@
> missing_arg   main.c  /^void missing_arg(int c, char *string)$/;"     f
> mode  ftp.h   /^    int               mode;           \/* PORT oder PASV 
> *\/$/;"      m       struct:_dtc
> monitor       ftp.h   /^    int               monitor;$/;"    m       
> struct:_config
>-name  ftp.c   /^    char      name[20];$/;"   m       struct:_ftpcmd
>+name  ftp.c   /^    char      name[20];$/;"   m       struct:_ftpcmd  file:
> name  ftp.h   /^      char    name[80];$/;"   m       struct:_ftp::<anonymous>
> noctrl        lib.c   /^char *noctrl(char *buffer)$/;"        f
> numeric_only  ftp.h   /^    int               numeric_only;$/;"       m       
> struct:_config
>@@ -116,9 +118,10 @@
> osock ftp.h   /^    int               osock;$/;"      m       struct:_dtc
> other ftp.h   /^    int               other;$/;"      m       struct:_dtc
> outside       ftp.h   /^    port_t    outside;$/;"    m       struct:_dtc
>-par   ftp.c   /^    int               par, ispath, useccp;$/;"        m       
>struct:_ftpcmd
>+par   ftp.c   /^    int               par, ispath, useccp;$/;"        m       
>struct:_ftpcmd  file:
> password      ftp.h   /^      char    password[80];$/;"       m       
> struct:_ftp::<anonymous>
> password      ftp.h   /^    char      password[200];$/;"      m       
> struct:_ftp
>+phaseauth     ftp.h   /^    int               phaseauth;$/;"  m       
>struct:_config
> port  ftp.h   /^      unsigned int port;$/;"  m       struct:_ftp::<anonymous>
> port  ftp.h   /^    unsigned int port;$/;"    m       struct:_ftp
> port  ftp.h   /^    unsigned int port;$/;"    m       struct:_port
>@@ -128,7 +131,7 @@
> proxy_request ftp.c   /^int proxy_request(config_t *config)$/;"       f
> readline_fd   ftp.c   /^char *readline_fd(ftp_t *x, int fd, char *line, int 
> size)$/;" f
> reallocate    lib.c   /^void *reallocate(void *p, size_t size)$/;"    f
>-resp  ftp.c   /^    int               resp;$/;"       m       struct:_ftpcmd
>+resp  ftp.c   /^    int               resp;$/;"       m       struct:_ftpcmd  
>file:
> run_acp       ftp.c   /^int run_acp(ftp_t *x)$/;"     f
> run_ccp       ftp.c   /^int run_ccp(ftp_t *x, char *cmd, char *par)$/;"       
> f
> sbuf  ftp.h   /^    bio_t             cbuf, sbuf;$/;" m       struct:_ftp
>@@ -158,7 +161,7 @@
> uid   main.c  /^int   uid =                   -1;$/;" v
> upper lib.c   /^static unsigned int lower[256], upper[256];$/;"       v       
> file:
> uppercase     lib.c   /^unsigned int uppercase(unsigned int c)$/;"    f
>-useccp        ftp.c   /^    int               par, ispath, useccp;$/;"        
>m       struct:_ftpcmd
>+useccp        ftp.c   /^    int               par, ispath, useccp;$/;"        
>m       struct:_ftpcmd  file:
> username      ftp.h   /^      char    username[80];$/;"       m       
> struct:_ftp::<anonymous>
> username      ftp.h   /^    char      username[200];$/;"      m       
> struct:_ftp
> varname       ftp.h   /^    char      varname[80];$/;"        m       
> struct:_config
>diff -ruNd ftp-old/ftpproxy-1.1.5/xinetd.d/ftpproxy 
>ftp-new/ftpproxy-1.1.5/xinetd.d/ftpproxy
>--- ftp-old/ftpproxy-1.1.5/xinetd.d/ftpproxy   Wed Dec 31 18:00:00 1969
>+++ ftp-new/ftpproxy-1.1.5/xinetd.d/ftpproxy   Wed May  8 10:32:56 2002
>@@ -0,0 +1,16 @@
>+# default: off
>+# description: An ftp proxy server. This is the tcp \
>+# version.
>+service ftpproxy
>+{
>+      disable         = no
>+      type            = UNLISTED
>+      socket_type     = stream
>+      protocol        = tcp
>+      user            = root
>+      group           = nobody
>+      port            = 21
>+      server          = /usr/sbin/ftp.proxy
>+      server_args     = -b -e -l -2 -f -p 20 -a /usr/bin/test_acp
>+      wait            = no
>+}
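
Review bot: the file is headed "# default: off" but sets "disable = no", so once installed it enables the proxy on port 21 as user root with server_args that point at /usr/bin/test_acp, a program this patch does not install. Ship it with "disable = yes" and a clearly marked placeholder for the ACP path. The server path is also fixed at /usr/sbin/ftp.proxy while the Makefile installs the binary to $(PREFIX)/sbin.
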
>
>
>
>
>
>
>Venkatachalam, Saravanakumar wrote:
>
>  
>
>>Dear List,
>>
>>I need dual authentications to happen if a user wanted to connect to
>>an ftp site.
>>
>>1) Login to proxy with your local username/password
>>2) Connect to remote site with the user command
>>
>>Instead of FTPing directly to the remote FTP site, we need to FTP to
>>ftp-proxy on port 21. we then login to the proxy using your web access
>>password. If authenticated successfully, you can then connect to any
>>remote FTP site using the user [EMAIL PROTECTED] command.
>>
>>Please help me configure ftp.proxy to work for the above mentioned
>>requirement.
>>
>>Thanks,
>>saravan
>>
>>
>>
>>
>>
>>--general-l------------------------------------
>>To unsubscribe please visit:
>>http://www.ftpproxy.org/html/maillinglists.html




</x-flowed>
Date: Wed, 01 Jun 2005 22:20:13 -0500
From: Greg Lyons <[EMAIL PROTECTED]>
Subject: [general-l] FTP proxy authentication {04}

Saravan,

Is your ACP working properly?  You might try a simple shell script like
the one below as a test.  I suspect your ACP might be the problem,
because my system is also a RHEL machine and it works fine.  If you
would like, I can send you my binary RPM, xinetd config, LDAP-based ACP,
and whatever else you think might help.  Just send me an email privately
and I'll give you whatever I have.

#!/bin/bash
if [ "$PROXY_USERNAME" = "user" ] && [ "$PROXY_PASSWD" = "good" ]; then
    exit 0
else
    exit 1
fi


Venkatachalam, Saravanakumar wrote:

> Greg,
>
> Thanks a lot for offering the patch. I too downloaded v1.1.5 and
> applied your patch.
>
> It looks like ftp.proxy does not do local authentication properly. I
> mean to say, it just provides access even if we provide a wrong password.
>
> If you wish I can send you the strace output or what you prefer.
>
> I'm trying on Red Hat Enterprise Linux 3; is this OS specific?
>
>
> thanks,
> saravan
>
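
Greg's suggestion above, turned into a repeatable check (an added example, not part of the original thread or of ftp.proxy): it runs an ACP with valid, wrong, empty and unset credentials and counts the cases where the verdict is wrong. It assumes what the thread shows, that the ACP receives PROXY_USERNAME and PROXY_PASSWD in its environment and that a non-zero exit status means deny; the helper names and the faulty ACP are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed contract (from the sample ACP and
# the run_acp() != 0 test in the patch): credentials arrive as PROXY_USERNAME
# and PROXY_PASSWD, exit status 0 means allow, anything else means deny.

# write_acp KIND -> prints the path of a constructed ACP script.
#   strict: same test as the sample script in the message above
#   broken: constructed faulty ACP that compares two empty values
write_acp() {
    acp_path=$(mktemp "${TMPDIR:-/tmp}/acp.XXXXXX") || return 1
    if [ "$1" = strict ]; then
        cat > "$acp_path" <<'EOF'
#!/bin/sh
if [ "$PROXY_USERNAME" = "user" ] && [ "$PROXY_PASSWD" = "good" ]; then
    exit 0
else
    exit 1
fi
EOF
    else
        cat > "$acp_path" <<'EOF'
#!/bin/sh
# Wrong variable name and an empty lookup result: "" = "" is always true.
stored=""
[ "$PROXY_PASSWORD" = "$stored" ] && exit 0
exit 1
EOF
    fi
    chmod +x "$acp_path"
    echo "$acp_path"
}

# acp_verdict ACP USER PASS -> prints "allow" or "deny" from the exit status.
acp_verdict() {
    if PROXY_USERNAME="$2" PROXY_PASSWD="$3" "$1" >/dev/null 2>&1; then
        echo allow
    else
        echo deny
    fi
}

# Same, but with both variables absent from the environment.
acp_verdict_unset() {
    if ( unset PROXY_USERNAME PROXY_PASSWD; "$1" ) >/dev/null 2>&1; then
        echo allow
    else
        echo deny
    fi
}

# expect LABEL WANT GOT -> status 0 on match, otherwise reports on stderr.
expect() {
    [ "$2" = "$3" ] && return 0
    echo "FAIL $1: wanted $2, got $3" >&2
    return 1
}

# audit_acp ACP GOODUSER GOODPASS -> prints the number of wrong verdicts.
# Only the first case may be allowed; every other case must be denied.
audit_acp() {
    failures=0
    expect "valid login"     allow "$(acp_verdict "$1" "$2" "$3")"  || failures=$((failures + 1))
    expect "wrong password"  deny  "$(acp_verdict "$1" "$2" "x$3")" || failures=$((failures + 1))
    expect "empty password"  deny  "$(acp_verdict "$1" "$2" "")"    || failures=$((failures + 1))
    expect "wrong user"      deny  "$(acp_verdict "$1" "x$2" "$3")" || failures=$((failures + 1))
    expect "variables unset" deny  "$(acp_verdict_unset "$1")"      || failures=$((failures + 1))
    echo "$failures"
}

# Demo run on the two constructed scripts.
strict_acp=$(write_acp strict)
broken_acp=$(write_acp broken)
echo "strict ACP: $(audit_acp "$strict_acp" user good) wrong verdicts"
echo "broken ACP: $(audit_acp "$broken_acp" user good) wrong verdicts"
rm -f "$strict_acp" "$broken_acp"
```

To check a real ACP, call audit_acp with its path and one known-good username and password; any count above zero means the program allows something it should refuse, or refuses the valid login.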


