Oberon || Compiler & Tools || Library || Module Index || Search Engine

Ulm's Oberon System:


adis-ftpup - read user name and password for a FTP session


adis-ftpup [-t timeout] command


adis-ftpup processes the login part of a FTP session, requiring a user name and a password, and passes the credentials without further checks to command in conformance to the checkpassword interface of Dan J. Bernstein, see http://cr.yp.to/checkpwd/interface.html.

By default, there is a time limit that drops the connection after 60 seconds of inactivity. The option -t allows to specify another time limit in seconds. A time limit of 0 permits connections to hang for infinite periods.

adis-ftpup expects file descriptor 0 (standard input) to be connected to a bi-directional network connection where, in conformance to the FTP protocol (see RFC 959, 5.4), a connection greeting must have already been sent to the FTP client. Following set of FTP commands is supported:

takes a user name and returns with a code of 331.
sets the password, returns with a code of 230, and causes the initial session of adis-ftpup to be finished.
is always responded with a code of 500.
terminates the connection without proceeding to command.
is answered by a code of 200.
is always responded with a code of 226.

All other FTP commands are, in deviance from the minimal set specified by RFC 959 (section 5.1), rejected with a code of 502. It is not possible, for example, to set transfer parameters before finishing authorization.

If successful (by seeing a syntactically valid PASS command), command is invoked that inherits the open bidirectional connection on file descriptor 0, and gets, in conformance to the checkpassword interface, the credentials passed via file descriptor 3 using a pipeline. It waits then until command is finished and exits with an exit code of 0.

adis-ftpup supports pipelining (see FTPEngine) according to http://cr.yp.to/ftp/pipelining.html.


adis-ftpup requires itself no root or other special privileges. But, under the assumption that it is normally run under root privileges, adis-ftpup

The supplied credentials are passed to the checkpassword interface only. They are not revealed otherwise.

The security considerations of FTPRequests apply.


possible plug-in that performs the authentication.
allows to continue a FTP session in case of a successful authentication.
implements USER, PASS, and ACCT.
implements QUIT, NOOP, and ABOR.
implements general session engine for a FTP server.
recommended listener that is documented on http://cr.yp.to/ucspi-tcp/tcpserver.html. Note that option -B must not be forgotten to send the connection greeting.


The idea to modularize Internet services in a series of consecutive processes that

is derived from the typical setup of the POP3 service for Qmail by Dan J. Bernstein.


adis-ftpup deliberately deviates from the minimal set of FTP commands required by RFC 959 (section 5.1). It does so by design for the sake of simplicity. The latter is achieved by sharing the checkpassword interface with services like qmail-popup(1) without bloating it up with more status informations.

The PASS command is answered by an immediate return code of 230 that indicates that the authorization was successful while, however, the login credentials will be checked later by command that usually decides to close the connection in case of authorization failures. Hence, an invalid combination of login and password is noted by a connection loss instead of a return code stating this.

There is no option yet that allows the connection greeting to be provided. This would make the invocation of adis-ftpup easier using listeners other than tcpserver(1).

Edited by: borchert, last change: 2001/12/06, revision: 1.2, converted to HTML: 2001/12/06

Oberon || Compiler & Tools || Library || Module Index || Search Engine