Venkatachalam, Saravanakumar
Thu, 2 Jun 2005 15:48:18 +0200
<x-html> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#ffffff" text="#000000"> Greg, <br> <br> Thats cool !! It works now. Thank you again.<br> <br> The reason for the problem is.. First of all I did not use ACP.. I thought <a class="moz-txt-link-abbreviated" href="ftp://ftp.proxy";>ftp.proxy</a> will do local authentication by default.<br> <br> Now we used perl scripts for ACP and CCP to authenticate and log. <br> <br> You might be interested in having a look at our ACP and CCP,<br> <br> Our ACP:<br> -----------------------------------<br> #!/usr/local/bin/perl -w<br> <br> $ENV{PATH} = "/bin:/usr/bin:/sbin:/usr/sbin";<br> <br> if(!defined($ENV{PROXY_USERNAME}) or !defined($ENV{PROXY_PASSWD})) {<br> print STDERR "Please set the environment variables PROXY_USERNAME & PROXY_PASSWD\n";<br> exit(1);<br> }<br> <br> $PROXY_USERNAME = $ENV{PROXY_USERNAME};<br> $PROXY_PASSWD = $ENV{PROXY_PASSWD};<br> <br> @pass = getpwnam("$PROXY_USERNAME");<br> if(!defined($pass[0])) {<br> print STDERR "Authentication failure...\n";<br> exit(1);<br> }<br> <br> $passwd = $pass[1];<br> $salt = substr($passwd,0,2);<br> $mypass = crypt($PROXY_PASSWD,$salt);<br> <br> $LOG = "/var/log/FTP_PROXY_LOG";<br> open(LKFD,">>$LOG") || die "Cannot open $LOG: $!";<br> flock(LKFD,2) || die "Cannot lock: $!";<br> seek(LKFD,0,2);<br> $date = `date`;<br> chomp($date);<br> <br> $ts = time();<br> $date = `date "+%h-%d-%H:%M:%S"`;<br> chomp($date);<br> <br> if($mypass ne $passwd) {<br> print STDERR "Authentication failure...\n";<br> print LKFD "$ts $date Authentication Failure For User ($PROXY_USERNAME)\n";<br> close(LKFD);<br> exit(1);<br> }<br> <br> print STDERR "Success....\n";<br> print LKFD "$ts $date Authentication Succeeded For User ($PROXY_USERNAME)\n";<br> close(LKFD);<br> exit(0);<br> <br> --------------------------<br> <br> Our CCP:<br> <br> #!/usr/local/bin/perl -w<br> <br> $ENV{PATH} = "/bin:/usr/bin:/sbin:/usr/sbin";<br> <br> $ts = time();<br> $date = `date "+%h-%d-%H:%M:%S"`;<br> chomp($date);<br> $msg = "$ts $date SourceHost($ENV{PROXY_CLIENTNAME}) ProxyUser($ENV{PROXY_USERNAME}) ";<br> $msg .= "RemoteHost($ENV{PROXY_SERVERNAME}) RemoteUser($ENV{PROXY_SERVERLOGIN}) ";<br> $msg .= "Command($ENV{PROXY_COMMAND} $ENV{PROXY_PARAMETER})";<br> <br> $LOG = "/var/log/FTP_PROXY_LOG";<br> open(LKFD,">>$LOG") || die "Cannot open $LOG: $!";<br> flock(LKFD,2) || die "Cannot lock: $!";<br> seek(LKFD,0,2);<br> print LKFD "$msg\n";<br> close(LKFD);<br> <br> ----------------------------<br> <br> <br> Thanks,<br> saravan<br> <br> Greg Lyons wrote: <blockquote cite="[EMAIL PROTECTED]" type="cite"> <pre wrap="">Saravan, Is your ACP working properly? You might try a simple shell script like the one below as a test. I suspect your ACP might be the problem, because my system is also a RHEL machine and it works fine. If you would like, I can send you my binary RPM, xinetd config, LDAP-based ACP, and whatever else you think might help. Just send me an email privately and I'll give you whatever I have. #!/bin/bash if [ "$PROXY_USERNAME" = "user" ] && [ "$PROXY_PASSWD" = "good" ]; then exit 0 else exit 1 fi Venkatachalam, Saravanakumar wrote: </pre> <blockquote type="cite"> <pre wrap="">Greg, Thanks a lot for offering the patch. I too downloaded v1.1.5 and applied your patch. It looks like <a class="moz-txt-link-abbreviated" href="ftp://ftp.proxy";>ftp.proxy</a> does not do local authentication properly. I mean to say, it just provide access even if we provide wrong password. If you wish I can send you the strace output or what you prefer. I'm trying on Red Hat enterprise Linux 3, is this any OS specific ? thanks, saravan </pre> </blockquote> <pre wrap=""><!----> --general-l------------------------------------ To unsubscribe please visit: <a class="moz-txt-link-freetext" href="http://www.ftpproxy.org/html/maillinglists.html";>http://www.ftpproxy.org/html/maillinglists.html</a> </pre> </blockquote> <br> <PRE> --general-l------------------------------------ To unsubscribe please visit: http://www.ftpproxy.org/html/maillinglists.html </PRE></body> </html> </x-html> From [EMAIL PROTECTED] Fri Jun 03 10:20:54 2005 Return-Path: <[EMAIL PROTECTED]> Received: from mail.compucation.de (mail.compucation.de [213.185.64.44]) by um1.pce.de (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) with ESMTP id j52Doav06018 (using TLSv1/SSLv3 with cipher RC4-MD5 (128 bits) verified NO) for <[EMAIL PROTECTED]>; Thu, 2 Jun 2005 15:50:36 +0200 Received: from go4.ext.ti.com (go4.ext.ti.com [192.91.75.132]) by compucation.de (mail.compucation.de [213.185.64.44]) (Cipher TLSv1:RC4-MD5:128) (MDaemon.PRO.v8.0.2.R) with ESMTP id md50000055596.msg for <[EMAIL PROTECTED]>; Thu, 02 Jun 2005 15:48:22 +0200 Message-ID: <[EMAIL PROTECTED]> Date: Thu, 02 Jun 2005 19:17:59 +0530 From: "Venkatachalam, Saravanakumar" <[EMAIL PROTECTED]> User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "general-l List Member" <[EMAIL PROTECTED]> Subject: [general-l] FTP proxy authentication {05} References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> In-Reply-To: <[EMAIL PROTECTED]> Content-Transfer-Encoding: 7bit X-Lookup-Warning: MAIL lookup on [EMAIL PROTECTED] does not match 192.91.75.132 X-MDRemoteIP: 192.91.75.132 Sender: [EMAIL PROTECTED] X-Return-Path: [EMAIL PROTECTED] Precedence: bulk List-Unsubscribe: <[EMAIL PROTECTED]> X-MDMailing-List: [EMAIL PROTECTED] X-MDSend-Notifications-To: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] X-MDaemon-Deliver-To: [EMAIL PROTECTED] X-MDAV-Processed: mail.compucation.de, Thu, 02 Jun 2005 15:48:53 +0200 X-UIDL: ^b+!!9Lo!!(;_!!F/4!! X-Eudora2Unix: 3905-11-05T08:39:37Z converted <x-flowed> Greg, Thats cool !! It works now. Thank you again. The reason for the problem is.. First of all I did not use ACP.. I thought ftp.proxy will do local authentication by default. Now we used perl scripts for ACP and CCP to authenticate and log. You might be interested in having a look at our ACP and CCP, Our ACP: ----------------------------------- #!/usr/local/bin/perl -w $ENV{PATH} = "/bin:/usr/bin:/sbin:/usr/sbin"; if(!defined($ENV{PROXY_USERNAME}) or !defined($ENV{PROXY_PASSWD})) { print STDERR "Please set the environment variables PROXY_USERNAME & PROXY_PASSWD\n"; exit(1); } $PROXY_USERNAME = $ENV{PROXY_USERNAME}; $PROXY_PASSWD = $ENV{PROXY_PASSWD}; @pass = getpwnam("$PROXY_USERNAME"); if(!defined($pass[0])) { print STDERR "Authentication failure...\n"; exit(1); } $passwd = $pass[1]; $salt = substr($passwd,0,2); $mypass = crypt($PROXY_PASSWD,$salt); $LOG = "/var/log/FTP_PROXY_LOG"; open(LKFD,">>$LOG") || die "Cannot open $LOG: $!"; flock(LKFD,2) || die "Cannot lock: $!"; seek(LKFD,0,2); $date = `date`; chomp($date); $ts = time(); $date = `date "+%h-%d-%H:%M:%S"`; chomp($date); if($mypass ne $passwd) { print STDERR "Authentication failure...\n"; print LKFD "$ts $date Authentication Failure For User ($PROXY_USERNAME)\n"; close(LKFD); exit(1); } print STDERR "Success....\n"; print LKFD "$ts $date Authentication Succeeded For User ($PROXY_USERNAME)\n"; close(LKFD); exit(0); -------------------------- Our CCP: #!/usr/local/bin/perl -w $ENV{PATH} = "/bin:/usr/bin:/sbin:/usr/sbin"; $ts = time(); $date = `date "+%h-%d-%H:%M:%S"`; chomp($date); $msg = "$ts $date SourceHost($ENV{PROXY_CLIENTNAME}) ProxyUser($ENV{PROXY_USERNAME}) "; $msg .= "RemoteHost($ENV{PROXY_SERVERNAME}) RemoteUser($ENV{PROXY_SERVERLOGIN}) "; $msg .= "Command($ENV{PROXY_COMMAND} $ENV{PROXY_PARAMETER})"; $LOG = "/var/log/FTP_PROXY_LOG"; open(LKFD,">>$LOG") || die "Cannot open $LOG: $!"; flock(LKFD,2) || die "Cannot lock: $!"; seek(LKFD,0,2); print LKFD "$msg\n"; close(LKFD); ---------------------------- Thanks, saravan Greg Lyons wrote: >Saravan, > >Is your ACP working properly? You might try a simple shell script like >the one below as a test. I suspect your ACP might be the problem, >because my system is also a RHEL machine and it works fine. If you >would like, I can send you my binary RPM, xinetd config, LDAP-based ACP, >and whatever else you think might help. Just send me an email privately >and I'll give you whatever I have. > >#!/bin/bash >if [ "$PROXY_USERNAME" = "user" ] && [ "$PROXY_PASSWD" = "good" ]; then > exit 0 >else > exit 1 >fi > > >Venkatachalam, Saravanakumar wrote: > > > >>Greg, >> >>Thanks a lot for offering the patch. I too downloaded v1.1.5 and >>applied your patch. >> >>It looks like ftp.proxy does not do local authentication properly. I >>mean to say, it just provide access even if we provide wrong password. >> >>If you wish I can send you the strace output or what you prefer. >> >>I'm trying on Red Hat enterprise Linux 3, is this any OS specific ? >> >> >>thanks, >>saravan >> >> >> > > > >--general-l------------------------------------ >To unsubscribe please visit: >http://www.ftpproxy.org/html/maillinglists.html > > > > --general-l------------------------------------ To unsubscribe please visit: http://www.ftpproxy.org/html/maillinglists.html </x-flowed> From [EMAIL PROTECTED] Thu Jun 09 11:59:44 2005 Return-Path: <[EMAIL PROTECTED]> Received: from mail.compucation.de (mail.compucation.de [213.185.64.44]) by um1.pce.de (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) with ESMTP id j599ucv28334 (using TLSv1/SSLv3 with cipher RC4-MD5 (128 bits) verified NO) for <[EMAIL PROTECTED]>; Thu, 9 Jun 2005 11:56:39 +0200 Received: from dns1.sycor-world.de (dns1.sycor-world.de [194.31.241.5]) by compucation.de (mail.compucation.de [213.185.64.44]) (Cipher TLSv1:RC4-MD5:128) (MDaemon.PRO.v8.0.2.R) with ESMTP id md50000056524.msg for <[EMAIL PROTECTED]>; Thu, 09 Jun 2005 11:56:34 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Subject: [general-l] Username with @ question! {01} Date: Thu, 9 Jun 2005 11:56:29 +0200 Message-ID: <[EMAIL PROTECTED]> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Username with @ question! Thread-Index: AcVs2YIjI6XtwV2rSlGqqeoNk4PPSg== From: "Albrecht Marcus" <[EMAIL PROTECTED]> To: "general-l List Member" <[EMAIL PROTECTED]> X-MDRemoteIP: 194.31.241.5 Sender: [EMAIL PROTECTED] X-Return-Path: [EMAIL PROTECTED] Precedence: bulk List-Unsubscribe: <[EMAIL PROTECTED]> X-MDMailing-List: [EMAIL PROTECTED] X-MDSend-Notifications-To: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] X-MDaemon-Deliver-To: [EMAIL PROTECTED] X-MDAV-Processed: mail.compucation.de, Thu, 09 Jun 2005 11:56:37 +0200 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by um1.pce.de id j599ucv28334 X-UIDL: `4!"!FeT!!$!N!!h*`!! X-Eudora2Unix: 3905-11-05T08:39:37Z converted Dear ftpproxy Users, I do have a problem connection to a site through ftp proxy. The problem is with the username at the remote site which as a @ sign in it. For example the username is "[EMAIL PROTECTED]". As ftpproxy treats the @ as the seperator between username and host he tries to connect "domain.com" with username "user" instead of user "[EMAIL PROTECTED]" at "ftp.domain.com". That won't work. Is there a chance to get this working, as changing the username is not an option I changed the user and domain name to get the data anonymiezed. Example: Username: [EMAIL PROTECTED] FTP-Server: ftp.domain.com Logfile extract: Jun 9 10:16:11 dns2 ftp.proxy[23744]: connected to client: gl1.sycor.de, interface= 192.168.xxx.xxx:21 Jun 9 10:16:11 dns2 ftp.proxy[23744]: info: monitor mode: off, ccp: <unset> Jun 9 10:16:11 dns2 ftp.proxy[23744]: -ERR: can't resolve hostname: [EMAIL PROTECTED] I start ftpproxy using xinetd: service ftpproxy { disable = no socket_type = stream protocol = tcp port = 21 type = UNLISTED wait = no user = ftp server = /usr/sbin/ftp.proxy server_args = -d -e -b -B } Anyone got a clue? Thanks in advance! Marcus Albrecht --- --general-l------------------------------------ To unsubscribe please visit: http://www.ftpproxy.org/html/maillinglists.html