Re: [twsocket] TFtpServ that uses FTP user's Windows account security context
Now the source code is included: http://www.duodata.de/misc/delphi/OverbyteIcsFtpSrv-20070516.zip -- Arno Garrels [TeamICS] http://www.overbyte.be/eng/overbyte/teamics.html Arno Garrels wrote: Fastream Technologies wrote: Not yet. Having personal problems these days.. :(( I uploaded a new version with some common improvements and fixes. There's a new option to hide the physical path, see Menu | Options. http://www.duodata.de/misc/delphi/OverbyteIcsFtpServ.zip HomeDir is hardcoded C:\TEMP. In order to test Windows security try the following: 1) Create a new user Group FTP-Users 2) Right-click Drive C: | Properties | Security-Settings 3) Add group FTP-Users deny Full Access 4) Go to C:\Temp, Properties | Security-Settings Set proper NTFS rights to Group FTP-Users (break inheritance, copy inherited rights) 5) Create a new user make her a member of Group FTP-Users only. Make sure the server process runs in an account with sufficent permissions. Since the FtpSrv demo is not Vista-compatible please try on a different NT-OS or turn off virtualization as well as UAC or try to run the demo As Administrator. BTW: Even disk quotas work (I tested in XP). -- Arno Garrels [TeamICS] http://www.overbyte.be/eng/overbyte/teamics.html On 5/11/07, Arno Garrels [EMAIL PROTECTED] wrote: Fastream Technologies wrote: Hello Arno, I use Windows Vista Business. I went to the control panel and created what's called a limited user. Now that user can go into C:\Windows and list file/folder listings when logged in with your server demo. Is this normal? SZ, Any progress in testing? -- Arno Garrels [TeamICS] http://www.overbyte.be/eng/overbyte/teamics.html Regards, SZ On 5/10/07, Arno Garrels [EMAIL PROTECTED] wrote: Perhaps you can code the NTLM into ICS FTP Server demo? Believe me there is DEMAND for it! Fastream offers you $200 for the task to be completed in 10 days plus we can help you test. I know $200 is not much for a German company but this code could be used by many people so it's well spent effort (remember we will donate the demo). OK, some money is always welcome :-) I uploaded the result for testing (binary only): http://www.duodata.de/misc/delphi/OverbyteIcsFtpServ.zip It might be slower than the original v6 demo since security context is switched very frequently, please check whether it's too slow. Note that currently CWD works for directory names with length = 3 as well as with current HomeDir (Angus can you tell us why?). PWD also always succeeds. It's possible to upload a zero-size file even if the user has only read access (file is not written). My solution impersonates user's Windows security context upon filesystem access, all events however are triggered in the the context of server's process, it may be usefull to switch to user's context in some events as well, but that was fine tuning and should be discussed here. BTW: I changed/fixed the STOU command, can somebody please test? -- Arno Garrels [TeamICS] http://www.overbyte.be/eng/overbyte/teamics.html -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] TFtpServ that uses FTP user's Windows account security context
Perhaps you can code the NTLM into ICS FTP Server demo? Believe me there is DEMAND for it! Fastream offers you $200 for the task to be completed in 10 days plus we can help you test. I know $200 is not much for a German company but this code could be used by many people so it's well spent effort (remember we will donate the demo). OK, some money is always welcome :-) I uploaded the result for testing (binary only): http://www.duodata.de/misc/delphi/OverbyteIcsFtpServ.zip It might be slower than the original v6 demo since security context is switched very frequently, please check whether it's too slow. Note that currently CWD works for directory names with length = 3 as well as with current HomeDir (Angus can you tell us why?). PWD also always succeeds. It's possible to upload a zero-size file even if the user has only read access (file is not written). My solution impersonates user's Windows security context upon filesystem access, all events however are triggered in the the context of server's process, it may be usefull to switch to user's context in some events as well, but that was fine tuning and should be discussed here. BTW: I changed/fixed the STOU command, can somebody please test? -- Arno Garrels [TeamICS] http://www.overbyte.be/eng/overbyte/teamics.html -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TFtpServ that uses FTP user's Windows account security context
Hello Arno, I use Windows Vista Business. I went to the control panel and created what's called a limited user. Now that user can go into C:\Windows and list file/folder listings when logged in with your server demo. Is this normal? Regards, SZ On 5/10/07, Arno Garrels [EMAIL PROTECTED] wrote: Perhaps you can code the NTLM into ICS FTP Server demo? Believe me there is DEMAND for it! Fastream offers you $200 for the task to be completed in 10 days plus we can help you test. I know $200 is not much for a German company but this code could be used by many people so it's well spent effort (remember we will donate the demo). OK, some money is always welcome :-) I uploaded the result for testing (binary only): http://www.duodata.de/misc/delphi/OverbyteIcsFtpServ.zip It might be slower than the original v6 demo since security context is switched very frequently, please check whether it's too slow. Note that currently CWD works for directory names with length = 3 as well as with current HomeDir (Angus can you tell us why?). PWD also always succeeds. It's possible to upload a zero-size file even if the user has only read access (file is not written). My solution impersonates user's Windows security context upon filesystem access, all events however are triggered in the the context of server's process, it may be usefull to switch to user's context in some events as well, but that was fine tuning and should be discussed here. BTW: I changed/fixed the STOU command, can somebody please test? -- Arno Garrels [TeamICS] http://www.overbyte.be/eng/overbyte/teamics.html -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be