9front - general discussion about 9front
* [9front] ip/ftpd patch with tls support.
@ 2021-04-23 19:47 james palmer
  2021-04-23 21:29 ` Lyndon Nerenberg (VE7TFX/VE6BBM)
  0 siblings, 1 reply; 10+ messages in thread
From: james palmer @ 2021-04-23 19:47 UTC (permalink / raw)
  To: 9front

hello,

i have added support for ftps to ip/ftpd and tried to clean it up a bit.
old challenge response auth and noworld checks are gone.
if anybody misses these features i can add them and update the patch.

to use tls you will need to generate a certificate, add the key to factotum and
edit /rc/bin/service/tcp21 to have "-c <path to cert>" in the commandline.
if you want to use tls with anonymous login you will need to edit /lib/namespace.ftp
to not bind over the root.

patch is here:
http://okturing.com/src/10937/body

thanks,
- james


* Re: [9front] ip/ftpd patch with tls support.
  2021-04-23 19:47 [9front] ip/ftpd patch with tls support james palmer
@ 2021-04-23 21:29 ` Lyndon Nerenberg (VE7TFX/VE6BBM)
  2021-04-24  7:58   ` sirjofri
  2021-04-24 15:12   ` james palmer
  0 siblings, 2 replies; 10+ messages in thread
From: Lyndon Nerenberg (VE7TFX/VE6BBM) @ 2021-04-23 21:29 UTC (permalink / raw)
  To: 9front, james palmer

james palmer writes:

> old challenge response auth and noworld checks are gone.
> if anybody misses these features i can add them and update the patch.

Can you be a bit more detailed about what this means?

--lyndon


* Re: [9front] ip/ftpd patch with tls support.
  2021-04-23 21:29 ` Lyndon Nerenberg (VE7TFX/VE6BBM)
@ 2021-04-24  7:58   ` sirjofri
  2021-04-24  8:13     ` hiro
                       ` (3 more replies)
  2021-04-24 15:12   ` james palmer
  1 sibling, 4 replies; 10+ messages in thread
From: sirjofri @ 2021-04-24  7:58 UTC (permalink / raw)
  To: Lyndon Nerenberg (VE7TFX/VE6BBM)

Hey,

23.04.2021 23:29:59 Lyndon Nerenberg (VE7TFX/VE6BBM) <lyndon@orthanc.ca>:
> james palmer writes:
>> old challenge response auth and noworld checks are gone.
>> if anybody misses these features i can add them and update the patch.
>
> Can you be a bit more detailed about what this means?

I don't have the original mail, it seems, but the old challenge-response 
didn't work properly anyways. I tested the tool that generates the 
response from the challenge, and whatever challenge I entered, the 
response was always the same.

Is ftpd with tls support the same as ftps? Then I'd really love this 
patch applied soon (but stable), it would be a better replacement for 
cifsd. That said, I can also test things out and read the code.

sirjofri


* Re: [9front] ip/ftpd patch with tls support.
  2021-04-24  7:58   ` sirjofri
@ 2021-04-24  8:13     ` hiro
  2021-04-24  9:00     ` Steve Simon
                       ` (2 subsequent siblings)
  3 siblings, 0 replies; 10+ messages in thread
From: hiro @ 2021-04-24  8:13 UTC (permalink / raw)
  To: 9front

why do you prefer ftp over cifs?


* Re: [9front] ip/ftpd patch with tls support.
  2021-04-24  7:58   ` sirjofri
  2021-04-24  8:13     ` hiro
@ 2021-04-24  9:00     ` Steve Simon
  2021-04-24 15:03       ` james palmer
  2021-04-24 15:01     ` james palmer
  2021-04-24 19:34     ` Lyndon Nerenberg (VE7TFX/VE6BBM)
  3 siblings, 1 reply; 10+ messages in thread
From: Steve Simon @ 2021-04-24  9:00 UTC (permalink / raw)
  To: 9front


ftp does not support seek, whereas cifs does.

reading the last block of a large file or, worse, tail -f can be very painful over ftp.

-Steve



* Re: [9front] ip/ftpd patch with tls support.
  2021-04-24  7:58   ` sirjofri
  2021-04-24  8:13     ` hiro
  2021-04-24  9:00     ` Steve Simon
@ 2021-04-24 15:01     ` james palmer
  2021-04-24 19:34     ` Lyndon Nerenberg (VE7TFX/VE6BBM)
  3 siblings, 0 replies; 10+ messages in thread
From: james palmer @ 2021-04-24 15:01 UTC (permalink / raw)
  To: 9front mailing list

Quoth sirjofri+ml-9front@sirjofri.de
> I don't have the original mail, it seems, but the old challenge-response 
> didn't work properly anyways.

it worked fine for me. the code changes if a valid challenge is entered.

> Is ftpd with tls support the same as ftps? Then I'd really love this 
> patch applied soon (but stable), it would be a better replacement for 
> cifsd.

yes, this is ftps.
it supports both implicit ftps (over port 990) and
explicit ftps.

- james


* Re: [9front] ip/ftpd patch with tls support.
  2021-04-24  9:00     ` Steve Simon
@ 2021-04-24 15:03       ` james palmer
  0 siblings, 0 replies; 10+ messages in thread
From: james palmer @ 2021-04-24 15:03 UTC (permalink / raw)
  To: 9front mailing list

Quoth steve@quintile.net:
> 
> ftp does not support seek, whereas cifs does.
> 
> reading the last block of a large file or, worse, tail -f can be very 
> painful over ftp.
> 
> -Steve
> 
>

ftp can seek once using the rest command.
reading just the end of a file will work fine
if the client supports it.


* Re: [9front] ip/ftpd patch with tls support.
  2021-04-23 21:29 ` Lyndon Nerenberg (VE7TFX/VE6BBM)
  2021-04-24  7:58   ` sirjofri
@ 2021-04-24 15:12   ` james palmer
  1 sibling, 0 replies; 10+ messages in thread
From: james palmer @ 2021-04-24 15:12 UTC (permalink / raw)
  To: 9front mailing list

Quoth lyndon@orthanc.ca:
> james palmer writes:
> 
> > old challenge response auth and noworld checks are gone.
> > if anybody misses these features i can add them and update the patch.
> 
> Can you be a bit more detailed about what this means?
> 
> --lyndon
> 

the challenge response auth would give you a challenge to give to netkey, and you would type the response as the password. i removed this, you now log in with your regular password (only allowed over tls).

the noworld checks allowed users in the noworld group to login with their password, with a restricted set of permissions. the noworld group is id 9999 and does not exist by default on 9front.


* Re: [9front] ip/ftpd patch with tls support.
  2021-04-24  7:58   ` sirjofri
                       ` (2 preceding siblings ...)
  2021-04-24 15:01     ` james palmer
@ 2021-04-24 19:34     ` Lyndon Nerenberg (VE7TFX/VE6BBM)
  2021-04-26  6:34       ` james palmer
  3 siblings, 1 reply; 10+ messages in thread
From: Lyndon Nerenberg (VE7TFX/VE6BBM) @ 2021-04-24 19:34 UTC (permalink / raw)
  To: 9front, sirjofri

sirjofri writes:
> Is ftpd with tls support the same as ftps? Then I'd really love this 
> patch applied soon (but stable), it would be a better replacement for 
> cifsd. That said, I can also test things out and read the code.

No.  ftps just wraps the existing FTP connections in TLS, the same
way https wraps http.  The other method is defined in RFC 4217; it
adds the AUTH TLS command which acts in a manner similar to SMTP's
STARTTLS, allowing you to upgrade the control connection from plain-
text to encrypted.

--lyndon


* Re: [9front] ip/ftpd patch with tls support.
  2021-04-24 19:34     ` Lyndon Nerenberg (VE7TFX/VE6BBM)
@ 2021-04-26  6:34       ` james palmer
  0 siblings, 0 replies; 10+ messages in thread
From: james palmer @ 2021-04-26  6:34 UTC (permalink / raw)
  To: 9front mailing list

Quoth lyndon@orthanc.ca:
> sirjofri writes:
> > Is ftpd with tls support the same as ftps? Then I'd really love this 
> > patch applied soon (but stable), it would be a better replacement for 
> > cifsd. That said, I can also test things out and read the code.
> 
> No.  ftps just wraps the existing FTP connections in TLS, the same
> way https wraps http.  The other method is defined in RFC 4217; it
> adds the AUTH TLS command which acts in a manner similar to SMTP's
> STARTTLS, allowing you to upgrade the control connection from plain-
> text to encrypted.
> 
> --lyndon
>

this patch handles both methods of ftp with tls.

- james.
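
The policy described in the thread (password login only over tls) and the two ways of getting there, implicit ftps on port 990 and explicit ftps via AUTH TLS, as an added example that is not part of the thread or of the patch. The Session struct, command() and run() are hypothetical, the credentials are constructed, and the 503 and 530 replies are assumed choices for this model.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of an FTP control channel, not code from ip/ftpd. */
typedef struct { int tls, gotuser, loggedin; } Session;
/* Constructed credentials; a real server asks its auth service instead. */
static const char *testuser = "glenda", *testpass = "constructed-pw";

/* Handle one command line and return the FTP reply code. */
int command(Session *s, const char *line)
{
	if(strcmp(line, "AUTH TLS") == 0){
		if(s->tls) return 503;	/* assumed reply: channel already encrypted */
		s->tls = 1;		/* the TLS handshake follows the 234 reply */
		return 234;
	}
	if(strncmp(line, "USER ", 5) == 0){
		s->gotuser = strcmp(line+5, testuser) == 0;
		return 331;		/* same reply whether or not the user exists */
	}
	if(strncmp(line, "PASS ", 5) == 0){
		if(s->tls && s->gotuser && strcmp(line+5, testpass) == 0){
			s->loggedin = 1;
			return 230;
		}
		s->gotuser = 0;
		return 530;		/* assumed refusal: cleartext or bad credentials */
	}
	return 502;			/* not implemented in this model */
}

/* Run a command list; implicit ftps (port 990) starts inside TLS. */
int run(int implicit, const char **cmds, int n)
{
	Session s = { implicit, 0, 0 };
	int i, code = 0;
	for(i = 0; i < n; i++)
		code = command(&s, cmds[i]);
	return code;
}

int main(void)
{
	const char *clear[] = { "USER glenda", "PASS constructed-pw" };
	const char *tls[] = { "AUTH TLS", "USER glenda", "PASS constructed-pw" };
	printf("explicit, no AUTH TLS: %d\n", run(0, clear, 2));
	printf("explicit, AUTH TLS:    %d\n", run(0, tls, 3));
	printf("implicit (port 990):   %d\n", run(1, clear, 2));
	return 0;
}
```

The 530 in the first case does not undo the exposure: the client has already sent the password in cleartext, so clients should be set to require TLS before USER/PASS.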

