

Ulm's Oberon Library:
FTPAuthReader


NAME

FTPAuthReader - handler of FTP authorization commands

SYNOPSIS

TYPE AuthHandlerProc =
   PROCEDURE (session: FTPSessions.Session;
              VAR message: ARRAY OF CHAR) : BOOLEAN;


PROCEDURE AddHandler(session: FTPSessions.Session; handler: AuthHandlerProc);

PROCEDURE Authorized(session: FTPSessions.Session) : BOOLEAN;

PROCEDURE GetUserName(session: FTPSessions.Session; VAR name: ARRAY OF CHAR);

PROCEDURE GetPassword(session: FTPSessions.Session; VAR password: ARRAY OF CHAR);

DESCRIPTION

FTPAuthReader provides an FTP command handler (see FTPSessions) that processes the FTP commands FTPCommands.user, FTPCommands.pass, and FTPCommands.acct.

AddHandler installs a handler for session that processes the three FTP authorization commands of RFC 959 and invokes handler as soon as a user name and an associated password are provided. Depending on the supplied credentials, handler is expected to return either TRUE in case of a successful authorization or FALSE otherwise. A short response text is to be stored in message.

GetUserName and GetPassword return the credentials transmitted earlier to the FTP commands FTPCommands.user and FTPCommands.pass, respectively.

Authorized returns TRUE if a user name and a password were supplied. It does not, however, tell whether the authorization was successful. This is indicated by the public component authorized of session.

DIAGNOSTICS

FTPAuthReader does not generate any error events by itself. The handler passed to AddHandler is expected to relate any error events to session.

SECURITY CONSIDERATIONS

Care should be taken to prevent secret passwords from being logged. This is neither done by FTPAuthReader nor by FTPLoggers.

The authentication handler should not reveal details of authorization failures in its message. Instead, these should, if necessary, be packaged in error events that are related to session.

While FTPAuthReader supports multiple authorizations in one session, it is not recommended to accept this, as other FTP command handlers are not necessarily prepared for re-initializations. Instead it is better to run a non-anonymous FTP service in three phases:

BUGS

Username and password are silently cut after 64 bytes.
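
The following handler is an added example, not part of Ulm's Oberon Library: it applies the points from SECURITY CONSIDERATIONS to an anonymous-only service by giving the same short message for every failure, never fetching the password, and refusing a second authorization in one session. The module name AnonAuth, the procedures Handler and Install, the buffer size, and the assumption that session.authorized is a BOOLEAN already set to TRUE after an earlier successful authorization are all assumptions of this example.

```oberon
MODULE AnonAuth; (* added example; all names in this module are hypothetical *)

   IMPORT FTPAuthReader, FTPSessions;

   CONST
      (* user names are cut after 64 bytes (see BUGS);
         the extra byte for a terminating 0X is an assumption *)
      bufLen = 65;

   PROCEDURE Handler(session: FTPSessions.Session;
                     VAR message: ARRAY OF CHAR) : BOOLEAN;
      VAR
         name: ARRAY bufLen OF CHAR;
   BEGIN
      (* refuse re-authorization within the same session; assumes that
         session.authorized is TRUE after an earlier successful login *)
      IF session.authorized THEN
         COPY("Login failed.", message);
         RETURN FALSE
      END;

      FTPAuthReader.GetUserName(session, name);
      (* GetPassword is deliberately not called: an anonymous service
         does not need the password, and a value that is never fetched
         cannot end up in a log or an error event *)

      IF (name = "anonymous") OR (name = "ftp") THEN
         COPY("Anonymous access granted.", message);
         RETURN TRUE
      END;

      (* same text as for the re-authorization case, so that the
         response does not reveal why the attempt was rejected *)
      COPY("Login failed.", message);
      RETURN FALSE
   END Handler;

   (* to be called once for each new session *)
   PROCEDURE Install*(session: FTPSessions.Session);
   BEGIN
      FTPAuthReader.AddHandler(session, Handler)
   END Install;

END AnonAuth.
```
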
Edited by: borchert, last change: 2001/05/08, revision: 1.1, converted to HTML: 2001/05/08
