Article delegate-en/4024 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A4022@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Testing the HTTP/HTTPS and FTP Delegate proxy
29 Jul 2008 23:45:00 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

Here is an another solution.
Your AUHTORIZER parameters can be unified into a single one as this:

  AUTHORIZER="-list{u1:p1,u2:p2},-list{u1,u2}(-reject.badpass),-any(others)"

In the first -list, u1,u2,u3 and u4 are authorized with their password.
Otherwise they are rejected by the second -list with a newly introduced
prefix "-reject." to a mapped user name.
Any other users including empty user-name are authenticated with any
password including empty password and mapped to a pseudo user "others".
When this is used for FTP protocol, the client will not be asked password.

The enclosed patch is a very tentative implementation of "-reject.".
It might be like "-reject.list{...}" or "-xxxlist{...}" for a concatenation
of "-list{...} and -reject.list{...}" in the official release.

By the way, you seem using the command sequence for FTP proxy as follows:

  USER user@server
  PASS pass
  USER anonymous
  PASS foo@bar

You can use the following instead:

  USER user
  PASS pass
  CWD //anonymous:foo@bar@server


 |Here are the log of the Delegate proxy:

You are recommended to use "-vd" option of DeleGate too inspect the
detailed conversation among the client, DeleGate and the server.

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller


*** dist/src/delegate9.8.4-pre2/src/access.c	Wed Jul 23 12:21:35 2008
--- ./src/access.c	Wed Jul 30 08:26:52 2008
***************
*** 2606,2611 ****
--- 2606,2616 ----
  				wordScanY(sv[si],ident->i_Host,"^{");
  			}
  			if( ident && muser ){
+ 				if( strneq(muser,"-reject.",8) ){
+ 					sv1log(">>>> [%s] rejected\n",user);
+ 					muser += 8;
+ 					rcode = -1;
+ 				}
  				QStrncpy(ident->i_user,muser,strlen(muser));
  				ident->i_stat |=  AUTH_MAPPED;
  			}

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V