Re: "Clear channel" data transfer

Mon, 08 Nov 2004 05:12:41 -0800 

On Sat, Nov 06, 2004 at 09:18:57PM +0300, Alexander V. Lukyanov wrote:
> On Fri, Nov 05, 2004 at 03:50:09PM +0100, Artur Frysiak wrote:
> > > When a server listens the port 990, it is assumed that it uses protected
> > > data transfers by default (see draft-murray-auth-ftp-ssl-05.txt, "Initial
> > > Data Connection Security" subsection). This particular server does not
> > > follow this convention.
> > 
> > But according to:
> > http://www.ietf.org/internet-drafts/draft-murray-auth-ftp-ssl-15.txt
> > section "10. Data Connection Security"
> > subsection "Initial Data Connection Security"
> > say:
> >       The initial state of the data connection MUST be 'Clear' (this is
> >       the behaviour as indicated by [RFC-2228].)
> 
> But this version of the draft (15) does not say a word about connections to
> secure ftp port 990. This method was declared obsolete and all references
> were removed.
> 
> Anyway, if you provide a patch to make lftp compatible with this broken
> server, I'll probably apply it.

Patch attached.

Regards
-- 
Artur Frysiak
http://www.pld-linux.org/

diff -ur lftp-3.0.11/src/ftpclass.cc lftp-3.0.11.hacked/src/ftpclass.cc
--- lftp-3.0.11/src/ftpclass.cc 2004-11-01 07:57:26.000000000 +0100
+++ lftp-3.0.11.hacked/src/ftpclass.cc  2004-11-07 01:15:22.000000000 +0100
@@ -1292,7 +1292,7 @@
       
if(proxy?!xstrcmp(proxy_proto,"ftps")||!xstrcmp(proxy_proto,"https"):ftps)
       {
         conn->MakeSSLBuffers(hostname);
-        conn->prot='P';
+        conn->prot=QueryBool("ssl-initial-protect-data",hostname)?'P':'C';
       }
       else // note the following block
 #endif
diff -ur lftp-3.0.11/src/resource.cc lftp-3.0.11.hacked/src/resource.cc
--- lftp-3.0.11/src/resource.cc 2004-08-23 16:39:37.000000000 +0200
+++ lftp-3.0.11.hacked/src/resource.cc  2004-11-07 01:23:01.000000000 +0100
@@ -199,6 +199,7 @@
    ResDecl11c("ftp:ssl-protect-data",    "no",    ResMgr::BoolValidate,0),
    ResDecl11g("ftp:ssl-protect-fxp",     "no",    ResMgr::BoolValidate,0),
    ResDecl11f("ftp:ssl-protect-list",    "yes",   ResMgr::BoolValidate,0),
+   ResDecl11h("ftp:ssl-initial-protect-data", "yes", ResMgr::BoolValidate,0),
    ResDecl11d("ftp:ssl-auth",            "TLS",   AuthArgValidate,0),
    ResDecl11e("ftp:ssl-allow-anonymous",  "no",           
ResMgr::BoolValidate,0),
 #endif

Reply via email to