SUSE Proxy Suite

Download

proxy-suite@lists.opensuse.org

November 2004

2 participants
2 discussions

Security proxy-suite-1.9.2.2
by BOURGEOIS Frederic DSIC BEERTD CGN THESEE 24 Nov '04

24 Nov '04

Hello, We are trying to use ftp-proxy in our structure and we've noticed the following behaviour with the simple Bind to the Ldap directory. The first simple BIND made to the server ldap (Iplanet) returns the following result according to password. In Ftp-client: - With good user and bad password: result=invalid credentials , it's not ok (normal) - With good user and password : result= succeed (normal) - without password (but good user): result = succeed the proxy continues to process the ftp request (strange!) I read the code of proxy-suite-1.9.2.2, and i write a correction In ftp-ldap.c ligne 184: // Patch Fred Bug mot de passe nul if (*pwd == '\0') { syslog_write(U_ERR, "Bad password"); exit(-1); } I work on various modifications for ftp-proxy (ex: identification with Ldap Group) and that works correctly. But i have one question, i want to create policy rules for destination (not for user) Is it already possible ? For sample: permit: IPserverftp -> for all destination IP ->;cmds=ALLO,APPE,DELE,MKD,RMD,RNFR,RNTO,STOR,STOU And IPserverftp -> 10.0.0.1->;All cmds Cordially -- Cordialement Bourgeois Frédéric Ministère de l'intérieur DSIC/SDIEE/BEERTD/CGN/ Section THESEE Frederic.bourgeois (nospam) @interieur.gouv.fr

1 0

Problem with restarting downloads
by Andreas Woelling 10 Nov '04

10 Nov '04

Hello, we've been using the proxy-suite for quite a while now and it works very well. The only problem I have is, that the restarting of stopped downloads doesn't seem to work correctly (proxy-suite-1.9.2.2). A reget on a partially downloaded file downloads the whole file again (and appends it). For a test, I downloaded a file (465 bytes), truncated it to 215 bytes and did a restart 215 followed by a get. The ftpd-server-log looks like this ftpd[23428]: command: SIZE WWW.sh ftpd[23428]: <--- 213 ftpd[23428]: 465 ftpd[23428]: command: REST 215 ftpd[23428]: <--- 350 ftpd[23428]: Restarting at 215. Send STORE or RETRIEVE to initiate transfer. ftpd[23428]: command: PASV ftpd[23428]: <--- 227 ftpd[23428]: Entering Passive Mode (192,168,3,153,146,211) ftpd[23428]: command: RETR WWW.sh ftpd[23428]: <--- 150 ftpd[23428]: Opening BINARY mode data connection for 'WWW.sh' (465 bytes). ftpd[23428]: <--- 226 ftpd[23428]: Transfer complete. Doing the same thing without the proxy works. The ftpd-log says: ftpd[13305]: command: SIZE WWW.sh ftpd[13305]: <--- 213 ftpd[13305]: 465 ftpd[13305]: command: EPSV ftpd[13305]: <--- 229 ftpd[13305]: Entering Extended Passive Mode (|||37331|) ftpd[13305]: command: REST 215 ftpd[13305]: <--- 350 ftpd[13305]: Restarting at 215. Send STORE or RETRIEVE to initiate transfer. ftpd[13305]: command: RETR WWW.sh ftpd[13305]: <--- 150 ftpd[13305]: Opening BINARY mode data connection for 'WWW.sh' (465 bytes). ftpd[13305]: <--- 226 ftpd[13305]: Transfer complete. The only difference is the order of REST and PASV/EPSV. Is it possible, that the PASV command resets a REST? The proxy-configuration is the default one, except "AllowMagicUser yes". Thanks, Andreas p.s. The situation in the case of active ftp is similar.

1 0