Greetings,
I'm using lftp from inside a firewall which provides a FTP proxy.
The proxy expects the following protocol.
USER [EMAIL PROTECTED] proxy_user
PASS password
ACCT proxy_password
Using ftp:acct with only the proxy password is possible, but I have not
figured out how to get proxy_user into the FTP USER command. Am I missing
something obvious? Ftp:proxy-auth-joined is not the right protocol.
I posted about this before but got no response. My patch to lftp-devel
never appeared on the list so I updated it to 3.1.3 and am resubmitting
it here. It adds a new ftp:proxy-auth-type configuration to expand the
number of FTP proxy mechanisms. Of necessity, it replaces the boolean,
ftp:proxy-auth-joined. Using a string configuration item opens the way
for various other unusual FTP proxy protocols.
Two values for ftp:proxy-auth-type are implemented: joined (formerly the
boolean, ftp:proxy-auth-joined) and joined-acct. Joined remains as before
(I hope your password doesn't contain an "@"):
USER [EMAIL PROTECTED]@ftp.example.org
PASS [EMAIL PROTECTED]
Joined-acct adds a new protocol used by proxies expecting the following
sequence of commands. Please note that if ftp:acct is set, the ftp:proxy
password (in the configuration file or read interactively) is ignored.
USER [EMAIL PROTECTED] proxy_user
PASS password
ACCT proxy_password
Unfortunately I don't have access to any other type of FTP proxy, so
I can't effectively verify I didn't break the "joined" or other FTP
proxy functionality.
For future enhancement, is there a mechanism to verify ftp:proxy-auth-type
arguments like that used for boolean config items? Does it make sense
to roll the "ACCT [EMAIL PROTECTED]" authentication type into this?
I'm not particularly fond of "joined" and "joined-acct." Suggestions
are welcome.
--
David Wolfe
diff -Nur lftp-3.1.3.orig/doc/ChangeLog lftp-3.1.3/doc/ChangeLog
--- lftp-3.1.3.orig/doc/ChangeLog 2005-04-05 05:01:00.000000000 -0500
+++ lftp-3.1.3/doc/ChangeLog 2005-04-15 13:59:14.296505680 -0500
@@ -1,3 +1,8 @@
+2005-04-15 David Wolfe <[EMAIL PROTECTED]>
+
+ * lftp.1: document ftp:proxy-auth-type, replaces
+ ftp:proxy-auth-joined.
+
2005-04-05 Alexander V. Lukyanov <[EMAIL PROTECTED]>
* lftp.1: document mirror --loop option.
diff -Nur lftp-3.1.3.orig/doc/lftp.1 lftp-3.1.3/doc/lftp.1
--- lftp-3.1.3.orig/doc/lftp.1 2005-04-05 05:01:09.000000000 -0500
+++ lftp-3.1.3/doc/lftp.1 2005-04-15 13:57:18.852443745 -0500
@@ -1017,10 +1017,18 @@
If ftp:proxy starts with http://, hftp (ftp over http proxy) is used instead
of ftp automatically.
.TP
-.BR ftp:proxy-auth-joined \ (boolean)
-when true, lftp sends [EMAIL PROTECTED]@ftp.example.org'' as user name to
proxy,
-and [EMAIL PROTECTED]'' as password. When false, it first sends
-proxy user and proxy password and then [EMAIL PROTECTED]'' and password.
+.BR ftp:proxy-auth-type \ (string)
+When set to ``joined'', lftp sends [EMAIL PROTECTED]@ftp.example.org'' as
+user name to proxy, and [EMAIL PROTECTED]'' as password.
+.IP
+When set to ``joined-acct'', lftp sends [EMAIL PROTECTED]
+proxy_user'' as user name to proxy. The site password is sent as
+usual and the proxy password is expected in the ACCT command (please
+see ftp:acct). As a convenience, the proxy password will replace the
+ftp:acct setting if ftp:acct is not set.
+.IP
+In all other cases it first sends proxy user and proxy password and then
[EMAIL PROTECTED]'' and password.
.TP
.BR ftp:rest-list \ (boolean)
allow usage of REST command before LIST command. This might be useful for
diff -Nur lftp-3.1.3.orig/src/ChangeLog lftp-3.1.3/src/ChangeLog
--- lftp-3.1.3.orig/src/ChangeLog 2005-04-15 00:21:29.000000000 -0500
+++ lftp-3.1.3/src/ChangeLog 2005-04-15 13:59:44.821704898 -0500
@@ -1,3 +1,7 @@
+2005-04-15 David Wolfe <[EMAIL PROTECTED]>
+
+ * lftp.1: document ftp:proxy-auth-type, replaces ftp:proxy-auth-joined.
+
2005-04-11 Alexander V. Lukyanov <[EMAIL PROTECTED]>
* SFtp.cc: resume recv_buf in Close, this fixes a rare hang.
diff -Nur lftp-3.1.3.orig/src/ftpclass.cc lftp-3.1.3/src/ftpclass.cc
--- lftp-3.1.3.orig/src/ftpclass.cc 2005-03-05 01:07:02.000000000 -0600
+++ lftp-3.1.3/src/ftpclass.cc 2005-04-15 13:57:18.866441085 -0500
@@ -1366,7 +1366,7 @@
char *user_to_use=(user?user:anon_user);
if(proxy && !conn->proxy_is_http)
{
- if(QueryBool("proxy-auth-joined",proxy) && proxy_user && proxy_pass)
+ if(strcmp(Query("proxy-auth-type",proxy), "joined") == 0 && proxy_user
&& proxy_pass)
{
char
*combined=(char*)alloca(strlen(user_to_use)+1+strlen(proxy_user)+1+strlen(hostname)+1+xstrlen(portname)+1);
sprintf(combined,"[EMAIL
PROTECTED]@%s",user_to_use,proxy_user,hostname);
@@ -1374,7 +1374,18 @@
sprintf(combined+strlen(combined),":%s",portname);
user_to_use=combined;
}
- else // !proxy-auth-joined
+ else if(strcmp(Query("proxy-auth-type",proxy), "joined-acct") == 0 &&
proxy_user && proxy_pass)
+ {
+ char
*combined=(char*)alloca(strlen(user_to_use)+1+strlen(hostname)+1+xstrlen(portname)+1+strlen(proxy_user)+1);
+ sprintf(combined,"[EMAIL PROTECTED]
%s",user_to_use,hostname,proxy_user);
+ if(portname)
+ sprintf(combined+strlen(combined),":%s",portname);
+ user_to_use=combined;
+ const char *acct=Query("acct");
+ if(acct==NULL || *acct=='\0')
+ ResMgr::Set("ftp:acct",0,proxy_pass);
+ }
+ else // !proxy-auth-type is joined or joined-acct
{
char
*combined=(char*)alloca(strlen(user_to_use)+1+strlen(hostname)+1+xstrlen(portname)+1);
sprintf(combined,"[EMAIL PROTECTED]",user_to_use,hostname);
@@ -1420,7 +1431,8 @@
if(allow_skey && skey_pass)
pass_to_use=skey_pass;
else if(proxy && !conn->proxy_is_http
- && QueryBool("proxy-auth-joined",proxy) && proxy_user && proxy_pass)
+ && strcmp(Query("proxy-auth-type"),"joined")==0
+ && proxy_user && proxy_pass)
{
char *p=string_alloca(strlen(pass_to_use)+1+strlen(proxy_pass)+1);
sprintf(p,"[EMAIL PROTECTED]",pass_to_use,proxy_pass);
diff -Nur lftp-3.1.3.orig/src/resource.cc lftp-3.1.3/src/resource.cc
--- lftp-3.1.3.orig/src/resource.cc 2005-03-05 01:07:03.000000000 -0600
+++ lftp-3.1.3/src/resource.cc 2005-04-15 13:57:18.867440895 -0500
@@ -205,7 +205,7 @@
ResDecl06 ("ftp:port-range", "full",
ResMgr::RangeValidate,0),
ResDecl06a("ftp:port-ipv4", "", ResMgr::IPv4AddrValidate,0),
ResDecl07 ("ftp:proxy", "", FtpProxyValidate,0),
- ResDecl07a("ftp:proxy-auth-joined", "no", ResMgr::BoolValidate,0),
+ ResDecl07a("ftp:proxy-auth-type", "", 0,0),
ResDecl08 ("ftp:rest-list", "no", ResMgr::BoolValidate,0),
ResDecl09 ("ftp:rest-stor", "yes", ResMgr::BoolValidate,0),
ResDecl09a("ftp:timezone", "GMT", 0,0),
