Article delegate-en/1090 of [1-5169] on the server localhost:119
[Reference:<_A1089@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: vsap auth
13 Apr 2001 23:23:17 GMT feedback@delegate.org (Yutaka Sato)


On 04/13/01(20:13) you Indrek Mandre <piecabdyi-dyd2yva5ovxr.ml@ml.delegate.org> wrote
in <_A1089@delegate-en.ML_>
 |this far. I have an ADSL home but all incoming TCP is filtered. But
 |I managed to get my http server running using the VSAP protocol.

Do you mean you are using a pair of DeleGates connected with
"VSAP" protocol?

 |It's great, I almost started writing my own server, and found this :)

It took a while for me to remember "VSAP" :)

 |So how can I do some sort of authentication? E.g. send the administrator
 |password to the vsap server or something so that it could authenticate
 |me.
 |I know there is a way to update my address constantly, send it to the
 |vsap server host and restart delegated if things have changed. But that
 |solution seems like a hack. Maybe there is a better way?

A better way might be to use FCL and FSV with SSLway, then use
a client-side certificate for authentication.  But it can be a
little complex.

The enclosed patch will make the "AUTHORIZER" parameter applicable
to a VSAP-server DeleGate, like SERVER=vsap AUTHORIZER="foo@localhost",
and also make the VSAP-client DeleGate take the *environment variable*
AUTH_VSAP="foo:password" to send it to the VSAP server.

Cheers,
Yutaka
--
  @ @ Yutaka Sato <y.sato@delegate.org> http://www.delegate.org/y.sato/
 ( - ) National Institute of Advanced Industrial Science and Technology (AIST)
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan

*** ../../delegate7.2.1/src/vsap.c	Tue Jan 16 14:42:48 2001
--- vsap.c	Sat Apr 14 07:52:39 2001
***************
*** 628,633 ****
--- 628,635 ----
  	int wcc,rcc;
  	char com[1024],arg[1024],*argp;
  	int timeout;
+ 	int AuthOk;
+ 	FILE *authout;
  
  	minit_vsapsv();
  	if( ToS <= 0 || FromS <= 0 ){
***************
*** 655,660 ****
--- 657,667 ----
  	svsock = -1;
  	reqver[0] = 0;
  
+ 	authout = TMPFILE("VSAP-AUTH");
+ 	if( doAUTH(Conn,NULL,authout,"vsap","-",0,"user-xxxx:pass-xxxx","host-xxxx",NULL,NULL) == EOF ){
+ 		AuthOk = 0;
+ 	}else	AuthOk = -1;
+ 
  	if( ImMaster ){
  		sprintf(myport,"%s:%d",DST_HOST,DST_PORT);
  	}else
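Review bot: the added doAUTH(...) probe decides whether authentication is required by checking that the dummy credentials "user-xxxx:pass-xxxx" are rejected, and the resulting AuthOk states (0 = AUTH required, -1 = no AUTH needed, and 1 = authenticated in the next hunk) are not documented; add a comment or named constants for the three values. The return value of TMPFILE("VSAP-AUTH") is not checked before it is passed to doAUTH, and "host-xxxx" is a string literal in the argument position where the next hunk passes a writable buffer (ahost), so if doAUTH writes to that argument the behaviour is undefined; pass a local char array instead.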
***************
*** 672,677 ****
--- 679,699 ----
  		arg[0] = 0;
  		lineScan(argp,arg);
  
+ 		if( strcasecmp(com,"AUTH") == 0 ){
+ 			char ahost[256];
+ 			ahost[0] = 0;
+ 			if( doAUTH(Conn,NULL,authout,"vsap","-",0,arg,ahost,NULL,NULL) == EOF ){
+ 			}else{
+ 				AuthOk = 1;
+ 				SockPrintf(ToC,"%s %d OK\r\n",VER,OK_GENERIC);
+ 				continue;
+ 			}
+ 		}
+ 		if( AuthOk == 0 ){
+ 			SockPrintf(ToC,"%s %d forbidden\r\n",VER,NO_PERMISSION);
+ 			break;
+ 		}
+ 
  		if( strcasecmp(com,"ECHO") == 0 ){
  			char stime[64];
  			extern char *TIMEFORM_HTTPD;
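Review bot: in the AUTH branch, the failure case `if( doAUTH(...) == EOF ){` has an empty body, so a rejected AUTH is not logged and simply falls through. When AuthOk is 0 the following check answers forbidden and breaks, but when AuthOk is already 1 or -1 a failed AUTH leaves the state unchanged and the line continues into the normal command dispatch with com still set to "AUTH". Invert the condition so the success path is the body, and on failure log the attempt, reply with NO_PERMISSION and break whatever the previous AuthOk value was.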
***************
*** 862,867 ****
--- 884,898 ----
  		rsock = Socket1("VSAP",NEWSOCK,ANYPORT,host,port,0,NULL,0);
  		if( 0 <= rsock )
  			break;
+ 	}
+ 	if( 0 <= rsock ){
+ 		char *auth;
+ 		if( auth = getenv("VSAP_AUTH") ){
+ 			char resp[256];
+ 			SockPrintf(rsock,"%s AUTH %s\r\n",VER,auth);
+ 			RecvLine(rsock,resp,sizeof(resp));
+ 			daemonlog(resp_OK(resp)?"D":"E","## AUTH: %s\n",resp);
+ 		}
  	}
  	return rsock;
  }
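Review bot: the client reads getenv("VSAP_AUTH"), while the accompanying message names the variable AUTH_VSAP; one of the two needs to change, or a user following the message will send no AUTH line at all. The result of RecvLine(rsock,resp,sizeof(resp)) is not checked, so resp may be logged uninitialized if the server closes the connection, and a rejected AUTH is only logged while rsock is still returned as a usable connection; initialize resp, and on a failed or missing reply close rsock and return an error. The user:password string is written to the VSAP connection as-is by SockPrintf with no protection visible in this hunk, and the condition is clearer written as (auth = getenv("VSAP_AUTH")) != NULL.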
