Article delegate-en/3792 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A3790@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Restrict the FTP username
06 Jul 2007 08:48:33 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

In message <_A3790@delegate-en.ML_> on 07/06/07(07:06:53)
you Kevin Richter <pzyhabdyi-p53o7e4kogtr.ml@ml.delegate.org> wrote:
 |I am using delegate as a FTP proxy and I was wondering if/how it is
 |possible to limit the login to those users, who use the "user@hostname"
 |syntax as username - and supply a valid password?
 |
 |At the moment I can login with _any_ user and _any_ password.
 |
 |If the username contains a "@", delegate successfully denies the
 |connection, if the username/password are invalid for the server or if
 |the hostname is not in my permission list.
 |
 |But: How can I deny all connections _not_ containing a "@" in the username?
 |
 |Or is there another trick for this issue?

Basically, there are two ways for proxying FTP by DeleGate as follows:

1) by extended user name
  USER user@host
  PASS pass

2) by extended path name
  USER user
  PASS pass
  CWD //host

This is the reason why DeleGate as a proxy accept any user name.
In DeleGate/8.0.5, I introduced a parameter to accept only "USER user@host"
type of proxying with a parameter as follows:

  FTPCONF=proxy:user

So it should work in your case but it has been disabled since 9.2.2
in which I added a default MOUNT for FTP gateway.
It should be fixed in the next release.

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

*** /Users/yutaka/dist/src/delegate9.6.3-pre1/src/ftp.c	Sun Jun 17 16:34:16 2007
--- src/ftp.c	Fri Jul  6 17:02:03 2007
***************
*** 2704,2707 ****
  		if( strcaseeq(com,"USER") ){
  			replace_atmark("USER",arg);
! 			if( !Mounted() ) /* working as a pure proxy */
  			if( strchr(arg,'@')==0 )/* USER without @host extension */
--- 2704,2708 ----
  		if( strcaseeq(com,"USER") ){
+ 			int nondefaultMounted();
  			replace_atmark("USER",arg);
! 			if( !nondefaultMounted() ) /* working as a pure proxy */
  			if( strchr(arg,'@')==0 )/* USER without @host extension */

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V