Re: Re: Re: Re: [proxy-suite] USER-WRN bad 'USER@' dest
1st, sorry for the delay, was on a business trip!
Marius Tomaschewski wrote:
On Thu, Nov 21, 2002 at 10:28:00AM +0100, Frank Sackewitz wrote:
Hi,
Hi!
Shark! (German joke!)
I've to apologize to the proxy-suite-team. The mistake was sitting in front of the screen.
ftp-proxy works fine if I start it out of my chroot. Running in my chroot-envir ftp-proxy is unable to resolve IP-Addresses via bind. Via host it works.
What functions does ftp-proxy use to resolve addresses via bind? Does it call any binary?
and inet_aton, inet_ntoa. No direct resolver calls are used. The glibc is using the NSS stuff (name service switch), i.e.
/etc/nsswitch.conf, /etc/resolv.conf, libnss_dns, libnsl,
libresolv. You need them all - config+libs - in your chroot.
As I said - all files were there.
Note also: if you do any changes to these files, you have to
restart/reload the nscd (name service caching daemon).
I'm not sure, but I think I haven't changed anything.
Try to strace it. Start the proxy, connect using the client,
find out the pid of the child process and attach strace to it:
strace -f -o filename -p PID
After strace is running, login using MagicChar with hostname.
You should be able to see what happens / fails.
Part of the output:
29650 recv(0, "USER anonymous@ftp.de.openbsd.or"..., 35, 0) = 35
=> I have typed in: .org
30226 recv(0, "USER anonymous@ftp.de.openbsd.or"..., 36, 0) = 36
30226 gettimeofday({1038481617, 376494}, NULL) = 0
30226 getpid() = 30226
30226 open("/etc/resolv.conf", O_RDONLY) = 3
30226 fstat64(3, {st_mode=S_IFREG|0644, st_size=90, ...}) = 0
30226 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000
30226 read(3, "nameserver 193.101.111.10\nnamese"..., 4096) = 90
30226 read(3, "", 4096) = 0
30226 close(3) = 0
30226 munmap(0x40018000, 4096) = 0
30226 getpid() = 30226
30226 open("/etc/resolv.conf", O_RDONLY) = 3
30226 fstat64(3, {st_mode=S_IFREG|0644, st_size=90, ...}) = 0
30226 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000
30226 read(3, "nameserver 193.101.111.10\nnamese"..., 4096) = 90
30226 read(3, "", 4096) = 0
30226 close(3) = 0
30226 munmap(0x40018000, 4096) = 0
30226 socket(PF_UNIX, SOCK_STREAM, 0) = 3
30226 connect(3, {sin_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110)
= -1 ENOENT (No such file or directory)
30226 close(3) = 0
30226 open("/etc/host.conf", O_RDONLY) = 3
30226 fstat64(3, {st_mode=S_IFREG|0644, st_size=370, ...}) = 0
30226 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000
30226 read(3, "#\n# /etc/host.conf - resolver co"..., 4096) = 370
30226 read(3, "", 4096) = 0
30226 close(3) = 0
30226 munmap(0x40018000, 4096) = 0
30226 open("/etc/hosts", O_RDONLY) = 3
30226 fcntl64(3, F_GETFD) = 0
30226 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
30226 fstat64(3, {st_mode=S_IFREG|0644, st_size=917, ...}) = 0
30226 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000
30226 read(3, "#\n# hosts This file desc"..., 4096) = 917
30226 read(3, "", 4096) = 0
30226 close(3) = 0
30226 munmap(0x40018000, 4096) = 0
30226 open("/etc/ld.so.cache", O_RDONLY) = 3
30226 fstat64(3, {st_mode=S_IFREG|0644, st_size=64, ...}) = 0
30226 old_mmap(NULL, 64, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40018000
30226 close(3) = 0
30226 open("/lib/i586/mmx/libnss_dns.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
30226 stat64("/lib/i586/mmx", 0xbfffc3dc) = -1 ENOENT (No such file or
directory)
30226 open("/lib/i586/libnss_dns.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
30226 stat64("/lib/i586", 0xbfffc3dc) = -1 ENOENT (No such file or
directory)
30226 open("/lib/mmx/libnss_dns.so.2", O_RDONLY) = -1 ENOENT (No such file
or directory)
30226 stat64("/lib/mmx", 0xbfffc3dc) = -1 ENOENT (No such file or
directory)
30226 open("/lib/libnss_dns.so.2", O_RDONLY) = -1 ENOENT (No such file or
directory)
30226 stat64("/lib", {st_mode=S_IFDIR|0755, st_size=272, ...}) = 0
30226 open("/usr/lib/i586/mmx/libnss_dns.so.2", O_RDONLY) = -1 ENOENT (No
such file or directory)
30226 stat64("/usr/lib/i586/mmx", 0xbfffc3dc) = -1 ENOENT (No such file or
directory)
30226 open("/usr/lib/i586/libnss_dns.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
30226 stat64("/usr/lib/i586", 0xbfffc3dc) = -1 ENOENT (No such file or
directory)
30226 open("/usr/lib/mmx/libnss_dns.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
30226 stat64("/usr/lib/mmx", 0xbfffc3dc) = -1 ENOENT (No such file or
directory)
30226 open("/usr/lib/libnss_dns.so.2", O_RDONLY) = 3
30226 read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\16\0\000"..., 1024) =
1024
30226 fstat64(3, {st_mode=S_IFREG|0755, st_size=16184, ...}) = 0
30226 old_mmap(NULL, 15560, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x40415000
30226 mprotect(0x40418000, 3272, PROT_NONE) = 0
30226 old_mmap(0x40418000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED, 3, 0x2000) = 0x40418000
30226 close(3) = 0
30226 munmap(0x40018000, 64) = 0
30226 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
30226 connect(3, {sin_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("193.101.111.10")}}, 28) = 0
30226 send(3, "0n\1\0\0\1\0\0\0\0\0\0\3ftp\2de\7openbsd\4org "..., 37, 0)
= 37
30226 gettimeofday({1038481617, 444069}, NULL) = 0
30226 poll([{fd=3, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
30226 recvfrom(3, "0n\205\203\0\1\0\0\0\1\0\0\3ftp\2de\7openbsd\4org "...,
1024, 0, {sin_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("193.101.111.10")}}, [16]) = 112
30226 close(3) = 0
30226 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
30226 connect(3, {sin_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("193.101.111.10")}}, 28) = 0
30226 send(3, "0o\1\0\0\1\0\0\0\0\0\0\3ftp\2de\7openbsd\4org "..., 46, 0)
= 46
30226 gettimeofday({1038481617, 716641}, NULL) = 0
30226 poll([{fd=3, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
30226 recvfrom(3, "0o\205\203\0\1\0\0\0\1\0\0\3ftp\2de\7openbsd\4org "...,
1024, 0, {sin_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("193.101.111.10")}}, [16]) = 121
30226 close(3) = 0
30226 time([1038481617]) = 1038481617
30226 getpid() = 30226
30226 write(4, "ftp-child [30226] <11/28-11:06:5"..., 105) = 105
30226 select(1, [0], [0], NULL, {900, 0}) = 1 (out [0], left {900, 0})
30226 send(0, "501 Invalid destination in user "..., 39, 0) = 39
30226 select(1, [0], [], NULL, {900, 0}
On Thu, Nov 28, 2002 at 10:25:46AM +0100, Frank Sackewitz wrote:
1st, sorry for the delay, was on a business trip!
Hmm... strange. No idea what goes wrong there... The dns query is done and there seems to be an answer, but it still doesn't work....
All the proxy does there is:

    ctx->magic_addr = socket_str2addr(p, INADDR_ANY);
    if (ctx->magic_addr == INADDR_ANY || ctx->magic_port == INPORT_ANY) {
        client_respond(501, NULL, "Invalid destination in user name");
        syslog_write(U_WRN, "bad 'USER@' dest '%s:%s' from %s",
                     NIL(p), NIL(q), ctx->cli_ctrl->peer);
        client_reinit();
        return;
    }

If you take a look at the log messages (e.g. in one of your other mails), the string variable "p" used in syslog_write contains a valid hostname... The socket_str2addr calls gethostbyname...
Another possibility is, you have a broken IPPORT_FTP or INPORT_ANY definition in some header file? IPPORT_FTP should be defined to 21 and INPORT_ANY to 0. If it is not defined, the proxy defines it...
[...]
30226 open("/etc/resolv.conf", O_RDONLY) = 3
30226 fstat64(3, {st_mode=S_IFREG|0644, st_size=90, ...}) = 0
30226 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000
30226 read(3, "nameserver 193.101.111.10\nnamese"..., 4096) = 90
               ^^^^^^^^^^^^^^^^^^^^^^^^^
[...]
30226 open("/usr/lib/libnss_dns.so.2", O_RDONLY) = 3
[...]
30226 recvfrom(3, "0o\205\203\0\1\0\0\0\1\0\0\3ftp\2de\7openbsd\4org "..., 1024, 0, {sin_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("193.101.111.10")}}, [16]) = 121
[...]
cu,
Marius Tomaschewski
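
Added example (not part of the original thread and not proxy-suite code): a decoder for the DNS header inside the two `recvfrom` strings shown in the strace output above, useful when a trace shows that a reply arrived but not what it said. The byte strings are copied as they appear in this archive; the function names are hypothetical.

```python
import re
import struct

# Both recvfrom() buffers exactly as printed in the trace above. strace cut
# each string after 32 bytes, so only the header and start of the question survive.
REPLIES = [
    r'0n\205\203\0\1\0\0\0\1\0\0\3ftp\2de\7openbsd\4org ',
    r'0o\205\203\0\1\0\0\0\1\0\0\3ftp\2de\7openbsd\4org ',
]
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
SIMPLE = {"n": 10, "r": 13, "t": 9, "v": 11, "f": 12, "\\": 92, '"': 34}

def unescape_strace(s):
    """Turn strace's C-style escapes (octal and \\n, \\r, ...) back into bytes."""
    out, i = bytearray(), 0
    while i < len(s):
        if s[i] != "\\":
            out.append(ord(s[i]))
            i += 1
            continue
        m = re.match(r"[0-7]{1,3}", s[i + 1:])
        if m:                                   # octal escape such as \205 or \0
            out.append(int(m.group(), 8))
            i += 1 + len(m.group())
        else:                                   # single-character escape
            out.append(SIMPLE[s[i + 1]])
            i += 2
    return bytes(out)

def decode_header(msg):
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": ident, "qr": flags >> 15, "aa": (flags >> 10) & 1,
            "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def question_labels(msg):
    """Return (declared_length, captured_bytes) for each label of the question name."""
    labels, pos = [], 12
    while pos < len(msg) and msg[pos] != 0:
        n = msg[pos]
        labels.append((n, msg[pos + 1:pos + 1 + n]))
        pos += 1 + n
    return labels

def query_size(labels):
    """Size of a query for this name: header + labels + root byte + QTYPE/QCLASS."""
    return 12 + sum(1 + n for n, _ in labels) + 1 + 4

if __name__ == "__main__":
    for raw in REPLIES:
        msg = unescape_strace(raw)
        print(decode_header(msg), question_labels(msg), query_size(question_labels(msg)))
```

Both replies decode to RCODE 3 (NXDOMAIN) with zero answer records, and the last label of the question name is four bytes long as archived: `org` plus one trailing byte. The computed query size of 37 bytes matches the first `send()` in the trace.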
Hello!
Only in the last week I've started using proxy-suite; after some initial problems I managed to get it running on Solaris 8 + iPlanet LDAP SDK 5.x.
My question regards how passwords are handled when not connecting to anonymous sites. That is the password1@password2 convention (I found it using gdb....). This means that @ (or other character as defined in the config file) cannot be used in a password.
Would it be reasonable when the proxy gets a 331 from the remote AND user password == NULL AND user password not in (anonymous, ftp or other configurable value) to explicitly query the user for the remote password?
TIA
E
participants (3)
- Edmond Dantes
- Frank Sackewitz
- Marius Tomaschewski