Article delegate-en/3636 of [1-5169] on the server localhost:119
[Reference:<_A3635@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Problem with slash in username on ftp proxy
13 Feb 2007 00:07:08 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

In message <_A3635@delegate-en.ML_> on 02/13/07(05:13:38)
you Emmanuel Bailleul <pfyhabdyi-6rjyzcksb43r.ml@ml.delegate.org> wrote:
 |I've tested the patch today and everything runs smoothly.
 |
 |Thank you so much for your help and for all your work.

You are welcome.

 |>  |I have been testing delegate as an ftp proxy recently without a problem, 
 |>  |until someone reported a problem to me regarding an ftp site that is using a 
 |>  |username containing a "/" (slash).
 |>  |After doing some tracing, I found that delegate did not send the right 
 |>  |part of the username (after the /) to the destination ftp server.
 |>  |However, I found this article: 
 |>  |http://www.delegate.org/mail-lists/delegate-en/01899 which said this was 
 |>  |patched in recent versions of delegate. I was even able to confirm this 
 |>  |patch was applied in the latest version, which I'm using (9.3.2), but that 
 |>  |does not seem to do the trick.
 |>  
 |> Hmm... It seems that I disabled it in 8.6.0 when I added a feature to
 |> send ACCT command in 8.6.0, and added the stab MOUNT in 9.2.2.  I'll
 |> fix it as the enclosed patch in 9.4.4 which will be released tomorrow.

I noticed the patch was incomplete, disabling the following features:

 - login with USER + ACCT as "user/something~account@hostname"
 - explicitly escaping "/" with "%2F"
 - secondary login on the same connection

So the real modification in 9.4.4 released yesterday is like the
enclosed patch.

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller


diff -cr delegate9.4.4-pre2/src/ftp.c delegate9.4.4/src/ftp.c
*** delegate9.4.4-pre2/src/ftp.c	Wed Feb  7 15:40:34 2007
--- delegate9.4.4/src/ftp.c	Mon Feb 12 10:57:00 2007
***************
*** 2680,2685 ****
--- 2680,2690 ----
  		if( Mounted() )
  		/* if mounted */{
  			if( strcasecmp(com,"USER") == 0 && strchr(arg,'@') ){
+ 			  /* escape "/" in user-name to "%2F" while leaving
+ 			   * original "%2F" and other "%XX" as is.
+ 			   */
+ 			  url_escapeX(arg,AVStr(arg),sizeof(arg),"%%/?",":@");
+ 
  			    port = decomp_ftpsite(FS,AVStr(arg),&ident);
  			    wordScan(ident.i_user,cuser);
  			    textScan(ident.i_pass,cpass);
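
Review bot: the new url_escapeX(arg,AVStr(arg),sizeof(arg),"%%/?",":@") call rewrites arg in place, and every "/" or "?" it escapes grows from one byte to three, so the result can be longer than the input that shares its buffer. Please confirm that url_escapeX is safe with identical source and destination and that it truncates at the given size; if it does truncate, the tail of the argument (the "@host" part that decomp_ftpsite() parses on the next line) is what gets lost, so a length check with an error reply would be safer than carrying on with a shortened string. sizeof(arg) is the buffer size only if arg is declared as an array in this scope, which the hunk does not show. The comment should also say that "?" is escaped and explain how the "%%/?" set leaves existing "%XX" sequences untouched, since it currently mentions only "/".
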
***************
*** 5168,5175 ****
--- 5173,5186 ----
  		if( xuser[0] == 0 )
  			xuser = pFC->fc_user;
  
+ 		/*
  		if( strpbrk(xuser,"~/") ){
  			scan_namebody(xuser,AVStr(user),sizeof(user),"~/",
+ 		8.6.0 "/" used for test, but not documented in the Manual.htm
+ 		9.4.4 "/" could be a part of username (8.0.3)
+ 		*/
+ 		if( strpbrk(xuser,"~") ){
+ 			scan_namebody(xuser,AVStr(user),sizeof(user),"~",
  				AVStr(FS->fs_acct),sizeof(FS->fs_acct),"");
  			sv1log("##ACCT got[%s] USER[%s]\n",FS->fs_acct,xuser);
  			xuser = user;
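
Review bot: the old strpbrk(xuser,"~/") test is disabled by opening a comment above it and closing it after the 8.6.0/9.4.4 notes, which leaves half of a scan_namebody() call and the change history inside one comment block. Delete the two old lines and keep the history as an ordinary comment above the new test, so that moving the closing "*/" cannot quietly bring the "/" split back. Because "/" no longer separates the account part in this branch, a login that relied on the undocumented "user/account" form now keeps the whole string in xuser and does not fill FS->fs_acct here; that behaviour change deserves a line in the release notes.
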
***************
*** 5968,5973 ****
--- 5979,5989 ----
  			if( unescape_user_at_host(AVStr(arg)) )
  				sprintf(req,"%s %s\r\n",com,arg);
  
+ 		if( strcaseeq(com,"USER") )
+ 		if( (dp = strpbrk(arg,"?/@")) && (*dp == '?' || *dp == '/') ){
+ 			url_escapeX(arg,AVStr(arg),sizeof(arg),"%%/?",":@");
+ 			sprintf(req,"%s %s\r\n",com,arg);
+ 		}
  		if( strcaseeq(com,"USER") )
  		if( (dp = strpbrk(arg,"~/@")) && (*dp == '~' || *dp == '/') ){
  			const char *tp;
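
Review bot: the added sprintf(req,"%s %s\r\n",com,arg) in the new USER block is unbounded and runs right after url_escapeX has lengthened arg, so either show that req always holds the escaped form or replace the call with a bounded write that uses the size of req. The same url_escapeX call with the same "%%/?" and ":@" literals appears in the first hunk; a small helper would keep the two sites from drifting apart. Also check the unchanged test that follows, strpbrk(arg,"~/@") with *dp == '/': if the escape replaces every "/" in arg, that '/' case cannot match once this block has run, and it should be removed or commented as intentional.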
