<x-html>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Greg, <br>
<br>
Thats cool !! It works now. Thank you again.<br>
<br>
The reason for the problem is.. First of all I did not use ACP.. I
thought <a class="moz-txt-link-abbreviated"
href="ftp://ftp.proxy";>ftp.proxy</a> will do local authentication by
default.<br>
<br>
Now we used perl scripts for ACP and CCP to authenticate and log. <br>
<br>
You might be interested in having a look at our ACP and CCP,<br>
<br>
Our ACP:<br>
-----------------------------------<br>
#!/usr/local/bin/perl -w<br>
<br>
$ENV{PATH} = "/bin:/usr/bin:/sbin:/usr/sbin";<br>
<br>
if(!defined($ENV{PROXY_USERNAME}) or !defined($ENV{PROXY_PASSWD})) {<br>
print STDERR "Please set the
environment variables
PROXY_USERNAME & PROXY_PASSWD\n";<br>
exit(1);<br>
}<br>
<br>
$PROXY_USERNAME = $ENV{PROXY_USERNAME};<br>
$PROXY_PASSWD = $ENV{PROXY_PASSWD};<br>
<br>
@pass = getpwnam("$PROXY_USERNAME");<br>
if(!defined($pass[0])) {<br>
print STDERR "Authentication
failure...\n";<br>
exit(1);<br>
}<br>
<br>
$passwd = $pass[1];<br>
$salt = substr($passwd,0,2);<br>
$mypass = crypt($PROXY_PASSWD,$salt);<br>
<br>
$LOG = "/var/log/FTP_PROXY_LOG";<br>
open(LKFD,">>$LOG") || die "Cannot open $LOG: $!";<br>
flock(LKFD,2) || die "Cannot lock: $!";<br>
seek(LKFD,0,2);<br>
$date = `date`;<br>
chomp($date);<br>
<br>
$ts = time();<br>
$date = `date "+%h-%d-%H:%M:%S"`;<br>
chomp($date);<br>
<br>
if($mypass ne $passwd) {<br>
print STDERR "Authentication
failure...\n";<br>
print LKFD "$ts $date Authentication
Failure For User
($PROXY_USERNAME)\n";<br>
close(LKFD);<br>
exit(1);<br>
}<br>
<br>
print STDERR "Success....\n";<br>
print LKFD "$ts $date Authentication Succeeded For User
($PROXY_USERNAME)\n";<br>
close(LKFD);<br>
exit(0);<br>
<br>
--------------------------<br>
<br>
Our CCP:<br>
<br>
#!/usr/local/bin/perl -w<br>
<br>
$ENV{PATH} = "/bin:/usr/bin:/sbin:/usr/sbin";<br>
<br>
$ts = time();<br>
$date = `date "+%h-%d-%H:%M:%S"`;<br>
chomp($date);<br>
$msg = "$ts $date SourceHost($ENV{PROXY_CLIENTNAME})
ProxyUser($ENV{PROXY_USERNAME}) ";<br>
$msg .= "RemoteHost($ENV{PROXY_SERVERNAME})
RemoteUser($ENV{PROXY_SERVERLOGIN}) ";<br>
$msg .= "Command($ENV{PROXY_COMMAND} $ENV{PROXY_PARAMETER})";<br>
<br>
$LOG = "/var/log/FTP_PROXY_LOG";<br>
open(LKFD,">>$LOG") || die "Cannot open $LOG: $!";<br>
flock(LKFD,2) || die "Cannot lock: $!";<br>
seek(LKFD,0,2);<br>
print LKFD "$msg\n";<br>
close(LKFD);<br>
<br>
----------------------------<br>
<br>
<br>
Thanks,<br>
saravan<br>
<br>
Greg Lyons wrote:
<blockquote
cite="[EMAIL PROTECTED]"
type="cite">
<pre wrap="">Saravan,
Is your ACP working properly? You might try a simple shell script like
the one below as a test. I suspect your ACP might be the problem,
because my system is also a RHEL machine and it works fine. If you
would like, I can send you my binary RPM, xinetd config, LDAP-based ACP,
and whatever else you think might help. Just send me an email privately
and I'll give you whatever I have.
#!/bin/bash
if [ "$PROXY_USERNAME" = "user" ] && [ "$PROXY_PASSWD" = "good" ]; then
exit 0
else
exit 1
fi
Venkatachalam, Saravanakumar wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Greg,
Thanks a lot for offering the patch. I too downloaded v1.1.5 and
applied your patch.
It looks like <a class="moz-txt-link-abbreviated"
href="ftp://ftp.proxy";>ftp.proxy</a> does not do local authentication
properly. I
mean to say, it just provide access even if we provide wrong password.
If you wish I can send you the strace output or what you prefer.
I'm trying on Red Hat enterprise Linux 3, is this any OS specific ?
thanks,
saravan
</pre>
</blockquote>
<pre wrap=""><!---->
--general-l------------------------------------
To unsubscribe please visit:
<a class="moz-txt-link-freetext"
href="http://www.ftpproxy.org/html/maillinglists.html";>http://www.ftpproxy.org/html/maillinglists.html</a>
</pre>
</blockquote>
<br>
<PRE>
--general-l------------------------------------
To unsubscribe please visit:
http://www.ftpproxy.org/html/maillinglists.html
</PRE></body>
</html>
</x-html>
From [EMAIL PROTECTED] Fri Jun 03 10:20:54 2005
Return-Path: <[EMAIL PROTECTED]>
Received: from mail.compucation.de (mail.compucation.de [213.185.64.44])
by um1.pce.de (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) with ESMTP
id j52Doav06018
(using TLSv1/SSLv3 with cipher RC4-MD5 (128 bits) verified NO)
for <[EMAIL PROTECTED]>; Thu, 2 Jun 2005 15:50:36 +0200
Received: from go4.ext.ti.com (go4.ext.ti.com [192.91.75.132])
by compucation.de (mail.compucation.de [213.185.64.44])
(Cipher TLSv1:RC4-MD5:128) (MDaemon.PRO.v8.0.2.R)
with ESMTP id md50000055596.msg
for <[EMAIL PROTECTED]>; Thu, 02 Jun 2005 15:48:22 +0200
Message-ID: <[EMAIL PROTECTED]>
Date: Thu, 02 Jun 2005 19:17:59 +0530
From: "Venkatachalam, Saravanakumar" <[EMAIL PROTECTED]>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "general-l List Member" <[EMAIL PROTECTED]>
Subject: [general-l] FTP proxy authentication {05}
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL
PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
Content-Transfer-Encoding: 7bit
X-Lookup-Warning: MAIL lookup on [EMAIL PROTECTED] does not match 192.91.75.132
X-MDRemoteIP: 192.91.75.132
Sender: [EMAIL PROTECTED]
X-Return-Path: [EMAIL PROTECTED]
Precedence: bulk
List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
X-MDMailing-List: [EMAIL PROTECTED]
X-MDSend-Notifications-To: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
X-MDaemon-Deliver-To: [EMAIL PROTECTED]
X-MDAV-Processed: mail.compucation.de, Thu, 02 Jun 2005 15:48:53 +0200
X-UIDL: ^b+!!9Lo!!(;_!!F/4!!
X-Eudora2Unix: 3905-11-05T08:39:37Z converted
<x-flowed>
Greg,
Thats cool !! It works now. Thank you again.
The reason for the problem is.. First of all I did not use ACP.. I
thought ftp.proxy will do local authentication by default.
Now we used perl scripts for ACP and CCP to authenticate and log.
You might be interested in having a look at our ACP and CCP,
Our ACP:
-----------------------------------
#!/usr/local/bin/perl -w
$ENV{PATH} = "/bin:/usr/bin:/sbin:/usr/sbin";
if(!defined($ENV{PROXY_USERNAME}) or !defined($ENV{PROXY_PASSWD})) {
print STDERR "Please set the environment variables
PROXY_USERNAME & PROXY_PASSWD\n";
exit(1);
}
$PROXY_USERNAME = $ENV{PROXY_USERNAME};
$PROXY_PASSWD = $ENV{PROXY_PASSWD};
@pass = getpwnam("$PROXY_USERNAME");
if(!defined($pass[0])) {
print STDERR "Authentication failure...\n";
exit(1);
}
$passwd = $pass[1];
$salt = substr($passwd,0,2);
$mypass = crypt($PROXY_PASSWD,$salt);
$LOG = "/var/log/FTP_PROXY_LOG";
open(LKFD,">>$LOG") || die "Cannot open $LOG: $!";
flock(LKFD,2) || die "Cannot lock: $!";
seek(LKFD,0,2);
$date = `date`;
chomp($date);
$ts = time();
$date = `date "+%h-%d-%H:%M:%S"`;
chomp($date);
if($mypass ne $passwd) {
print STDERR "Authentication failure...\n";
print LKFD "$ts $date Authentication Failure For User
($PROXY_USERNAME)\n";
close(LKFD);
exit(1);
}
print STDERR "Success....\n";
print LKFD "$ts $date Authentication Succeeded For User
($PROXY_USERNAME)\n";
close(LKFD);
exit(0);
--------------------------
Our CCP:
#!/usr/local/bin/perl -w
$ENV{PATH} = "/bin:/usr/bin:/sbin:/usr/sbin";
$ts = time();
$date = `date "+%h-%d-%H:%M:%S"`;
chomp($date);
$msg = "$ts $date SourceHost($ENV{PROXY_CLIENTNAME})
ProxyUser($ENV{PROXY_USERNAME}) ";
$msg .= "RemoteHost($ENV{PROXY_SERVERNAME})
RemoteUser($ENV{PROXY_SERVERLOGIN}) ";
$msg .= "Command($ENV{PROXY_COMMAND} $ENV{PROXY_PARAMETER})";
$LOG = "/var/log/FTP_PROXY_LOG";
open(LKFD,">>$LOG") || die "Cannot open $LOG: $!";
flock(LKFD,2) || die "Cannot lock: $!";
seek(LKFD,0,2);
print LKFD "$msg\n";
close(LKFD);
----------------------------
Thanks,
saravan
Greg Lyons wrote:
>Saravan,
>
>Is your ACP working properly? You might try a simple shell script like
>the one below as a test. I suspect your ACP might be the problem,
>because my system is also a RHEL machine and it works fine. If you
>would like, I can send you my binary RPM, xinetd config, LDAP-based ACP,
>and whatever else you think might help. Just send me an email privately
>and I'll give you whatever I have.
>
>#!/bin/bash
>if [ "$PROXY_USERNAME" = "user" ] && [ "$PROXY_PASSWD" = "good" ]; then
> exit 0
>else
> exit 1
>fi
>
>
>Venkatachalam, Saravanakumar wrote:
>
>
>
>>Greg,
>>
>>Thanks a lot for offering the patch. I too downloaded v1.1.5 and
>>applied your patch.
>>
>>It looks like ftp.proxy does not do local authentication properly. I
>>mean to say, it just provide access even if we provide wrong password.
>>
>>If you wish I can send you the strace output or what you prefer.
>>
>>I'm trying on Red Hat enterprise Linux 3, is this any OS specific ?
>>
>>
>>thanks,
>>saravan
>>
>>
>>
>
>
>
>--general-l------------------------------------
>To unsubscribe please visit:
>http://www.ftpproxy.org/html/maillinglists.html
>
>
>
>
--general-l------------------------------------
To unsubscribe please visit:
http://www.ftpproxy.org/html/maillinglists.html
</x-flowed>
From [EMAIL PROTECTED] Thu Jun 09 11:59:44 2005
Return-Path: <[EMAIL PROTECTED]>
Received: from mail.compucation.de (mail.compucation.de [213.185.64.44])
by um1.pce.de (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) with ESMTP
id j599ucv28334
(using TLSv1/SSLv3 with cipher RC4-MD5 (128 bits) verified NO)
for <[EMAIL PROTECTED]>; Thu, 9 Jun 2005 11:56:39 +0200
Received: from dns1.sycor-world.de (dns1.sycor-world.de [194.31.241.5])
by compucation.de (mail.compucation.de [213.185.64.44])
(Cipher TLSv1:RC4-MD5:128) (MDaemon.PRO.v8.0.2.R)
with ESMTP id md50000056524.msg
for <[EMAIL PROTECTED]>; Thu, 09 Jun 2005 11:56:34 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: [general-l] Username with @ question! {01}
Date: Thu, 9 Jun 2005 11:56:29 +0200
Message-ID: <[EMAIL PROTECTED]>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Username with @ question!
Thread-Index: AcVs2YIjI6XtwV2rSlGqqeoNk4PPSg==
From: "Albrecht Marcus" <[EMAIL PROTECTED]>
To: "general-l List Member" <[EMAIL PROTECTED]>
X-MDRemoteIP: 194.31.241.5
Sender: [EMAIL PROTECTED]
X-Return-Path: [EMAIL PROTECTED]
Precedence: bulk
List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
X-MDMailing-List: [EMAIL PROTECTED]
X-MDSend-Notifications-To: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
X-MDaemon-Deliver-To: [EMAIL PROTECTED]
X-MDAV-Processed: mail.compucation.de, Thu, 09 Jun 2005 11:56:37 +0200
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by um1.pce.de id
j599ucv28334
X-UIDL: `4!"!FeT!!$!N!!h*`!!
X-Eudora2Unix: 3905-11-05T08:39:37Z converted
Dear ftpproxy Users,
I do have a problem connection to a site through ftp proxy.
The problem is with the username at the remote site which as a @ sign in
it.
For example the username is "[EMAIL PROTECTED]".
As ftpproxy treats the @ as the seperator between username and host he
tries to connect "domain.com" with username "user" instead of user
"[EMAIL PROTECTED]" at "ftp.domain.com". That won't work.
Is there a chance to get this working, as changing the username is not
an option
I changed the user and domain name to get the data anonymiezed.
Example:
Username: [EMAIL PROTECTED]
FTP-Server: ftp.domain.com
Logfile extract:
Jun 9 10:16:11 dns2 ftp.proxy[23744]: connected to client:
gl1.sycor.de, interface= 192.168.xxx.xxx:21
Jun 9 10:16:11 dns2 ftp.proxy[23744]: info: monitor mode: off, ccp:
<unset>
Jun 9 10:16:11 dns2 ftp.proxy[23744]: -ERR: can't resolve hostname:
[EMAIL PROTECTED]
I start ftpproxy using xinetd:
service ftpproxy
{
disable = no
socket_type = stream
protocol = tcp
port = 21
type = UNLISTED
wait = no
user = ftp
server = /usr/sbin/ftp.proxy
server_args = -d -e -b -B
}
Anyone got a clue?
Thanks in advance!
Marcus Albrecht
---
--general-l------------------------------------
To unsubscribe please visit:
http://www.ftpproxy.org/html/maillinglists.html
