Age | Commit message (Collapse) | Author |
|
many ways, and i wasted 2 hours finding the gems in it...
|
|
|
|
|
|
in comments.
|
|
|
|
|
|
|
|
|
|
|
|
fact RFC 1123 does say that it may not contain parenthesis, and you
just have to look at the end of the line. Tholo managed to find a
TOPS20 ftp server (toad.xkl.com) that doesn't put parens around the
reply - This fixes it so it will handle either case.
|
|
|
|
noticed by itojun, thanks.
fries, you need to catch this for what you're using with faithd
|
|
*WARNING* this means that it will die when it can't find user proxy
if you are not running with a passwd database generated from current
- Speling cleanup and missing va_end() noticed by <d.doroshenko@omnitel.net>
- fix logging of getpwnam|getgrnam failures.
|
|
|
|
|
|
a bit easier to look at, for small values of easier.
-Add two options for -u user and -g group to optionally make the proxy drop
privs after doing it's pf ioctl's to find out where to go. Running as non
root does mean that the PORT and EPRT backchannels do not come from port 20,
but this isn't a problem for most sensible ftp clients and sets of packet
filter rules that aren't written by a knuckle dragging ape living in the 90's.
I would make it drop privs by default, but technically this breaks the ftp
specs, and for the upcoming stuff to deal with EPRT, we will need root privs
to manipulate rdr rules).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
it isn't.
|
|
|
|
|
|
with your new crack pipe
|
|
modernizing and cleanup. still needs looking at.
Currently supports PORT PASV EPRT data connections with only a pf rdr to
capture the control connection. (I.E. you don't need ip forwarding
or other NAT stuff). Runs from inetd.
Supports all passive (EPSV PASV) when using -n flag, where the proxy
ignores passive mode data connections (and assumes nat will get them
through).
Todo yet:
More audit
IpV6
Handle EPSV in proxy (with an rdr added then removed)
Option to Daemonize and bind only to the loopback
More Content/Login filtering, etc. etc. and more bloat
|