Ulm's Oberon System:
adis-ftpup


NAME

adis-ftpup - read user name and password for an FTP session

SYNOPSIS

adis-ftpup [-t timeout] command

DESCRIPTION

adis-ftpup processes the login part of an FTP session, which requires a user name and a password, and passes the credentials without further checks to command, in conformance with the checkpassword interface of Dan J. Bernstein; see http://cr.yp.to/checkpwd/interface.html.

By default, there is a time limit that drops the connection after 60 seconds of inactivity. The option -t allows another time limit to be specified in seconds. A time limit of 0 permits connections to hang indefinitely.

adis-ftpup expects file descriptor 0 (standard input) to be connected to a bidirectional network connection on which, in conformance with the FTP protocol (see RFC 959, 5.4), a connection greeting has already been sent to the FTP client. The following set of FTP commands is supported:

USER
takes a user name and returns with a code of 331.
PASS
sets the password, returns with a code of 230, and causes the initial session of adis-ftpup to be finished.
ACCT
is always answered with a code of 500.
QUIT
terminates the connection without proceeding to command.
NOOP
is answered by a code of 200.
ABOR
is always answered with a code of 226.

All other FTP commands are, in deviation from the minimal set specified by RFC 959 (section 5.1), rejected with a code of 502. It is not possible, for example, to set transfer parameters before finishing authorization.

If successful (that is, on seeing a syntactically valid PASS command), adis-ftpup invokes command, which inherits the open bidirectional connection on file descriptor 0 and, in conformance with the checkpassword interface, receives the credentials via file descriptor 3 using a pipeline. adis-ftpup then waits until command has finished and exits with an exit code of 0.
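The hand-off over file descriptor 3 described above, as an added Python sketch (not code from adis-ftpup or Ulm's Oberon System). The wire format, the 512-byte limit and the exit codes are those of the checkpassword interface; the function names, the check callback and the empty timestamp field are assumptions made for illustration.

```python
import os

MAX_LEN = 512  # checkpassword: at most 512 bytes before end of file on fd 3

def build_payload(user: bytes, password: bytes, timestamp: bytes = b"") -> bytes:
    """login NUL password NUL timestamp NUL (empty timestamp is an assumption)."""
    for field in (user, password, timestamp):
        if b"\0" in field:
            raise ValueError("NUL inside a field would shift the field boundaries")
    payload = user + b"\0" + password + b"\0" + timestamp + b"\0"
    if len(payload) > MAX_LEN:
        raise ValueError("payload exceeds 512 bytes")
    return payload

def read_credentials(fd: int = 3):
    """Command side: read fd to EOF, return (login, password, timestamp)."""
    data = b""
    while len(data) <= MAX_LEN:
        chunk = os.read(fd, MAX_LEN + 1 - len(data))
        if not chunk:
            break
        data += chunk
    os.close(fd)
    fields = data.split(b"\0")
    if len(data) > MAX_LEN or len(fields) < 4:
        raise ValueError("malformed checkpassword input")
    return tuple(fields[:3])

def hand_off(payload: bytes, check) -> int:
    """Fork a child that sees the pipe's read end as fd 3; return its exit code."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: stands in for `command` (hypothetical checker)
        code = 2  # checkpassword: 2 = misuse, 1 = password unacceptable
        try:
            os.close(w)
            if r != 3:
                os.dup2(r, 3)
                os.close(r)
            user, password, _ = read_credentials(3)
            code = 0 if check(user, password) else 1
        finally:
            os._exit(code)
    os.close(r)
    os.write(w, payload)
    os.close(w)  # EOF tells the reader the credentials are complete
    return os.WEXITSTATUS(os.waitpid(pid, 0)[1])
```

The credentials travel only through the pipe, never through arguments or the environment, and the verdict is available only as the child's exit code, after PASS has already been answered.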

adis-ftpup supports pipelining (see FTPEngine) according to http://cr.yp.to/ftp/pipelining.html.

SECURITY CONSIDERATIONS

adis-ftpup itself requires no root or other special privileges. But, under the assumption that it is normally run under root privileges, adis-ftpup

The supplied credentials are passed to the checkpassword interface only. They are not revealed otherwise.

The security considerations of FTPRequests apply.

SEE ALSO

adis-ftplogin
possible plug-in that performs the authentication.
adis-ftpsession
allows an FTP session to be continued in case of a successful authentication.
FTPAuthReader
implements USER, PASS, and ACCT.
FTPSessions
implements QUIT, NOOP, and ABOR.
FTPEngine
implements general session engine for a FTP server.
tcpserver
recommended listener that is documented at http://cr.yp.to/ucspi-tcp/tcpserver.html. Note that the option -B must not be forgotten, as it is needed to send the connection greeting.

ACKNOWLEDGEMENTS

The idea to modularize Internet services in a series of consecutive processes that

is derived from the typical setup of the POP3 service for Qmail by Dan J. Bernstein.

BUGS

adis-ftpup deliberately deviates from the minimal set of FTP commands required by RFC 959 (section 5.1). It does so by design for the sake of simplicity. The latter is achieved by sharing the checkpassword interface with services like qmail-popup(1) without bloating it with more status information.

The PASS command is answered immediately with a return code of 230, which indicates that the authorization was successful, although the login credentials are checked only later by command, which usually decides to close the connection in case of authorization failures. Hence, an invalid combination of login and password is signalled by a connection loss instead of a return code stating this.

There is no option yet that allows the connection greeting to be provided. Such an option would make the invocation of adis-ftpup easier with listeners other than tcpserver(1).


Edited by: borchert, last change: 2001/12/06, revision: 1.2, converted to HTML: 2001/12/06