[Reference:<3AF99CEF.F61671E9@advalvas.be>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: regarding delegate and FTPS
10 May 2001 07:23:15 GMT y.sato@delegate.org (Yutaka Sato)


Hi,

In message <3AF99CEF.F61671E9@advalvas.be> on 05/10/01(04:39:27)
you dirk laurijssen <piucabdyi-ufvkztuzw23r.ml@ml.delegate.org> wrote:
 |The one clients is valicerts' filedrive (about 2Mb), and the other is
 |the more common WS-FTP Pro by Ipswitch (about 2.5Mb).

Thank you for your information.
I got the evaluation version of "WS-FTP Pro" to test "AUTH TLS"
of SSLway/DeleGate implemented with the enclosed patch and invoked
with following options:
 ...
 SERVER=ftp \
 CMAP="sslway:FCL:ftp-data" \
 CMAP="sslway -St:FCL:ftp"

It seems to work as an FTP/SSL server without problems, with
"WS-FTP Pro" as the FTP client and "Connect/Connection/Secure(SSL)"
checked (and "UserID: user%serverHost" set).

Though I have not tested with a real FTP/SSL server, I tested
client-side FTP DeleGate to do "AUTH TLS" with the above
server-side DeleGate, with following options:

 CMAP="sslway:FSV:ftp-data" \
 CMAP="sslway -St:FSV:ftp"

Cheers,
Yutaka
--
  @ @ Yutaka Sato <y.sato@delegate.org> http://www.delegate.org/y.sato/
 ( - ) National Institute of Advanced Industrial Science and Technology (AIST)
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan


diff -cr ../../delegate7.3.0/filters/sslway.c ./filters/sslway.c
*** ../../delegate7.3.0/filters/sslway.c	Fri Mar  2 16:48:49 2001
--- ./filters/sslway.c	Thu May 10 16:01:41 2001
***************
*** 492,497 ****
--- 492,507 ----
  			if( proto != NULL )
  				break;
  			if( strncmp(buf,"220",3) == 0 ){
+ 				if( buf[3] == '-' ){
+ 					do {
+ 						fgets(msgb,sizeof(msgb),fs);
+ 						fputs(msgb,tc);
+ 					} while( msgb[3] == '-' );
+ 					fflush(tc);
+ 				}
+ 				if( strstr(buf,"FTP") )
+ 					proto = "FTP";
+ 				else
  				proto = "SMTP";
  				break;
  			}else
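Review bot: The return value of `fgets(msgb,sizeof(msgb),fs)` in the added do/while is never checked, so if the server closes the connection or the read fails in the middle of a multi-line 220 greeting, `msgb` keeps its previous contents and the loop can forward the same line forever (or test an unset `msgb[3]` on the first pass). I would leave the loop on failure, `if( fgets(msgb,sizeof(msgb),fs) == NULL ) break;`, and end it on the line that starts with `220 ` rather than on any line whose fourth character is not `-`, because a continuation line shorter than four characters makes `msgb[3]` read stale bytes. Also, `strstr(buf,"FTP")` looks only at the first greeting line, so a server that names FTP on a later line, or not at all, is treated as SMTP. The enclosing loop starts and ends outside the hunk.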
***************
*** 507,512 ****
--- 517,525 ----
  			}
  		}
  		ERROR("STARTTLS to server -- %s",proto);
+ 		if( strcasecmp(proto,"FTP") == 0 ){
+ 			fputs("AUTH TLS\r\n",ts);
+ 		}else
  		if( strcasecmp(proto,"SMTP") == 0 ){
  			fputs("STARTTLS\r\n",ts);
  		}else
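Review bot: Nothing in this hunk shows the server's reply to `AUTH TLS` being checked before TLS negotiation begins, and FTP answers with `234` where SMTP's STARTTLS answers `220`. The code that reads the reply is outside the hunk, so please confirm it accepts `234` for the FTP case and treats any other reply as a failure that ends the connection, rather than carrying on with the session unprotected. A short comment on the new branch, such as `/* expects "234"; anything else must abort, not fall back to cleartext */`, would record that requirement.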
***************
*** 565,570 ****
--- 578,592 ----
  			sprintf(msgb,"%s OK Begin TLS negotiation\r\n",com);
  			write(accfd,msgb,strlen(msgb));
  			ERROR("STARTTLS from IMAP client -- OK");
+ 			break;
+ 		}
+ 
+ 		/* FTP */
+ 		if( strcasecmp(com,"AUTH") == 0 )
+ 		if( strcasecmp(arg,"TLS") == 0 || strcasecmp(arg,"SSL") == 0 ){
+ 			msg = "234 OK\r\n";
+ 			write(accfd,msg,strlen(msg));
+ 			ERROR("AUTH TLS from FTP client -- OK");
  			break;
  		}
  
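Review bot: The new FTP case calls `strcasecmp(arg,...)` on whatever `arg` holds when the client sends a bare `AUTH`; the parsing of `com` and `arg` is outside the hunk, so confirm `arg` is reset to an empty string for every command line. The two stacked `if` statements would be easier to read and harder to break as one condition, `if( strcasecmp(com,"AUTH") == 0 && (strcasecmp(arg,"TLS") == 0 || strcasecmp(arg,"SSL") == 0) ){`. The result of `write(accfd,msg,strlen(msg))` is ignored, so a failed or short write of the `234` reply is still logged as OK before the `break`; the IMAP branch above has the same pattern.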
diff -cr ../../delegate7.3.0/src/ftp.c ./src/ftp.c
*** ../../delegate7.3.0/src/ftp.c	Fri Apr 20 16:11:12 2001
--- ./src/ftp.c	Thu May 10 15:58:23 2001
***************
*** 494,499 ****
--- 494,500 ----
  	char host[64],hostport[64];
  	int port,a0,a1,a2,a3,p0,p1;
  	int try;
+ 	char xproto[64];
  
  /*
  	if( !isREACHABLE("ftp",hostport) ){
***************
*** 503,508 ****
--- 504,511 ----
  */
  
  	try = 0;
+ 	strcpy(xproto,REAL_PROTO);
+ 	strcpy(REAL_PROTO,"ftp-data"); /* getViaSocks() requires it */
  	for(;;){
  	dsock = connect_ftp_data(Conn,dport,cntrlsock);
  		if( 0 <= dsock )
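Review bot: `strcpy(xproto,REAL_PROTO)` copies into the 64-byte `xproto` declared in the previous hunk with no length check, and the size of `REAL_PROTO` is not visible here; if it can hold more than 63 characters this overruns the stack buffer. A bounded copy such as `snprintf(xproto,sizeof(xproto),"%s",REAL_PROTO);` is safe either way. The value is put back by `strcpy(REAL_PROTO,xproto)` in the next hunk, after the retry loop, whose body is only partly visible: any `return` inside it would leave `REAL_PROTO` set to `ftp-data` for the rest of the session. A comment like `/* REAL_PROTO must be restored on every exit path */` next to the save would make that constraint explicit.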
***************
*** 512,517 ****
--- 515,521 ----
  		sv1log("FTP data connection failed (%d), retrying...\n",try);
  		msleep(200);
  	}
+ 	strcpy(REAL_PROTO,xproto);
  	/* It should be connect_to_server() to tcprelay://a.b.c.d:ef/
  	 * so that it can be controlled and relayed with DeleGate's routing.
  	 */
***************
*** 1978,1983 ****
--- 1982,1991 ----
  			if( !rewrite_PWD(FS,req,arg,tc) ){
   fprintf(tc,"257 \"%s\" is current directory.\r\n",FS->fs_CWD);
  			}
+ 		}else
+ 		if( strcasecmp(com,"HELP") == 0 ){
+  fprintf(tc,"214-\r\n"); /* WS-FTP(6.7) freezes if HELP returns error */
+  fprintf(tc,"214\r\n");
  		}else{
   fprintf(tc,"500-%s",req);
   fprintf(tc,"500 only USER,PASS,TYPE,QUIT and CWD are available.\r\n");
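Review bot: The last line of the added HELP reply is `214\r\n` with no space after the code, while RFC 959 ends a reply with the code followed by a space; a client that waits for `214 ` may never treat the reply as complete. `fprintf(tc,"214 \r\n");`, or a single-line reply such as `fprintf(tc,"214 No help available.\r\n");`, avoids that. The if/else chain this branch joins starts and ends outside the hunk.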
***************
*** 2552,2557 ****
--- 2560,2566 ----
  	int niced,rcode,ngets;
  	double Start,Time();
  	int odst;
+ 	int osrc,pid;
  	char *reason;
  	extern int IO_TIMEOUT;
  	int fromcache;
***************
*** 2572,2580 ****
--- 2581,2591 ----
  	xc = 0;
  	Verbose("FTP data-relay(%d,%d): bufsize=%d\n",src,dst,size);
  
+ 	if( REAL_HOST[0] == 0 ) strcpy(REAL_HOST,"-"); /* for DST_PROTO */
  	strcpy(xproto,REAL_PROTO);
  	strcpy(REAL_PROTO,"ftp-data");
  	odst = dst;
+ 	osrc = src;
  	if( tosv != 0 && filter_withCFI(Conn,XF_FTOSV) )
  		dst = insertFTOSV(Conn,dst,src,NULL);
  	else
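Review bot: `strcpy(REAL_HOST,"-")` changes `REAL_HOST` for good, unlike `REAL_PROTO`, which is saved in `xproto` on the next line; none of the visible hunks puts the empty value back. Any later code that tests `REAL_HOST[0] == 0` to mean "no server host" would see `-` instead, so I would save and restore it the same way as `REAL_PROTO`, or at least document the side effect with `/* placeholder host for DST_PROTO; not restored */`. The function body starts and ends outside this hunk.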
***************
*** 2593,2598 ****
--- 2604,2612 ----
  		if( 0 <= (xdst = insertFCL(Conn,dst)) )
  			dst = xdst;
  		else
+ 		if( fromcache ){
+ 			/* can't apply a bidirectional filter for cache */
+ 		}else
  		if( 0 <= (xsrc = insertFSV(Conn,dst,src)) )
  			src = xsrc;
  	}
***************
*** 2642,2647 ****
--- 2656,2669 ----
  	if( dst != odst ){
  		close(dst);
  		wait(0);
+ 	}
+ 	if( src != osrc ){
+ 		close(src); /* close the socket/pipe to the filter */
+ 	}
+ 	if( dst != odst || src != osrc ){
+ 		/* wait the filter programs to exit */
+ 		while( 0 < (pid = NoHangWait()) )
+ 			sv1log("## finished filter [%d]\n",pid);
  	}
  	return xc;
  }
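Review bot: The added reaping loop does not actually wait for the filter it has just disconnected. Judging by its name, `NoHangWait()` does not block, so a filter that has not yet exited when `close(src)` returns is left unreaped, and the loop also collects any unrelated child of this process that happens to have finished. When `dst != odst`, the existing `wait(0)` has already blocked for one child, which may or may not be the filter. If the filter pids are available from `insertFCL`/`insertFSV` (not visible here), waiting on those pids would be more exact; otherwise the comment should say what the loop really does, e.g. `/* best effort: reap only filters that have already exited */`.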
