Opened 16 years ago

Last modified 5 years ago

#247 closed Bug report

Problems with GSS authentication

Reported by: mamoeller
Owned by: Tim Kosse
Priority: normal
Component: Other
Keywords:
Cc: mamoeller, Tim Kosse
Component version:
Operating system type:
Operating system version:

Description

I tried to use Filezilla with my gss module
(https://sourceforge.net/projects/gssmod/) for
proftpd 1.2.8rc2 from cvs and it seems that after
the ADAT commands you immediately issue a CWD
command, which isn't allowed. Filezilla then tries
correctly to use the USER command and proftpd
returns a "331 Password required" which can be, in
case of a successful ADAT, a dummy password (the
internal structure of proftpd always requires a
password, although not necessary). But just here
Filezilla closes the connection. I assume it doesn't
expect a 331 return code.

Markus

Status: Connecting to testserver.test.com ...
Trace: ControlSocket.cpp(118): OnAsyncGetHostByName(0, 56, 15)
Trace: FtpControlSocket.cpp(652): OnConnect(0)
Status: Connected with testserver.test.com. Waiting for welcome message...
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Response: 220 ProFTPD 1.2.8rc2 Server (ProFTPD Default Installation) [testserver.test.com]
Trace: GSSApi.dll: GFtpDoAuth(452, "testserver.test.com", 1738637578, -828276470, 14025606, 32768, 80, 16841580[0])
Trace: GSSApi.dll: Trying to authenticate to <ftp@…>
Trace: GSSApi.dll: Status in line 871: 0, 0
Trace: GSSApi.dll: Status in line 901: 1, 0
Trace: GSSApi.dll: Status in line 901: 0, 0
Trace: GSSApi.dll: GSSAPI authentication succeeded
Command: CWD .
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Response: 530 Please login with USER and PASS
Response:
ShiW+sP47uBtpcnDilHqC4BNF6FlmUT8yZuxgJWxw8
Qcj6sTqeX6/aY+73060EA1/ifrB5F92zAI+Ubsg==
Command: USER testuser
Trace: FtpControlSocket.cpp(708): DoClose(4)
Trace: FtpControlSocket.cpp(2680): ResetOperation(4100)
Error: Unable to connect!

Change History (7)

comment:1 Changed 16 years ago by Tim Kosse

I'll look into this

comment:2 Changed 16 years ago by Tim Kosse

It looks like the server is sending invalid data (in your case
ShiW+sP47uBtpcnDilHqC4BNF6FlmUT8yZuxgJWxw8
Qcj6sTqeX6/aY+73060EA1/ifrB5F92zAI+Ubsg==), that's why
FileZilla closes the connection; that string is not a valid FTP
response.
Another reason would be that FileZilla did not decrypt the
message for any reason. I've still no solution.

comment:3 Changed 16 years ago by mamoeller

I tested the daemon with the following clients:

MIT ftp client
Heimdal ftp client
yafc
Kermit 95
Hummingbird Exceed with Security extension

All seem to work with GSSAPI authentication and encryption.


Markus

comment:4 Changed 16 years ago by mamoeller

You can run proftpd with -d -n as a standalone server and get details about
the commands received and the replies sent. From a tcpdump I see that the
responses from proftpd start correctly with 631(ENC) or 632(MIC)
commands. I saw previously some problems with \r\n at the end of the
message.

Regards
Markus
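
The reply framing discussed in comments 2 and 4, as an added example that is not part of the ticket and is not FileZilla's or proftpd's code: under RFC 2228 a protected reply is a 631, 632 or 633 code followed by a base64 payload, so a line consisting only of base64 has no reply code to parse. The names `ReplyKind` and `classify_reply` are hypothetical and the sample lines are constructed.

```cpp
// Added example: names (ReplyKind, classify_reply) are hypothetical.
#include <cctype>
#include <cstdio>
#include <string>

enum class ReplyKind { Plain, Protected, BareBase64, Invalid };
struct Reply { ReplyKind kind; int code; std::string payload; };  // code 0 = none

// Well-formed base64: length a multiple of 4, alphabet only, and at most
// two '=' characters, which may appear only at the end.
static bool is_base64(const std::string& s) {
    if (s.empty() || s.size() % 4 != 0) return false;
    int pad = 0;
    for (unsigned char c : s) {
        if (c == '=') { ++pad; continue; }
        if (pad > 0) return false;  // data after padding
        if (!std::isalnum(c) && c != '+' && c != '/') return false;
    }
    return pad <= 2;
}

static bool digit(char c) { return std::isdigit(static_cast<unsigned char>(c)) != 0; }

Reply classify_reply(std::string line) {
    // Strip the trailing CRLF (or a lone CR/LF) before any parsing.
    while (!line.empty() && (line.back() == '\r' || line.back() == '\n'))
        line.pop_back();
    bool has_code = line.size() >= 4 && digit(line[0]) && digit(line[1]) &&
                    digit(line[2]) && (line[3] == ' ' || line[3] == '-');
    if (!has_code)  // e.g. a 63x payload whose reply code was lost
        return {is_base64(line) ? ReplyKind::BareBase64 : ReplyKind::Invalid, 0, line};
    int code = std::stoi(line.substr(0, 3));
    std::string rest = line.substr(4);
    if (code >= 631 && code <= 633)  // protected reply: payload must be base64
        return {is_base64(rest) ? ReplyKind::Protected : ReplyKind::Invalid, code, rest};
    return {ReplyKind::Plain, code, rest};
}

int main() {
    // Constructed sample lines, not taken from the ticket's trace.
    const char* samples[] = {"220 ready\r\n", "631 dGVzdCByZXBseQ==\r\n",
                             "dGVzdCByZXBseQ==\r\n", "632 not base64!\r\n"};
    for (const char* s : samples) {
        Reply r = classify_reply(s);
        std::printf("kind=%d code=%d\n", static_cast<int>(r.kind), r.code);
    }
    return 0;
}
```

Only a `Protected` result should be base64-decoded and handed to the GSS unwrap step; `BareBase64` is a heuristic label for logging, since any 4n-character alphanumeric line matches it.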

comment:5 Changed 16 years ago by Tim Kosse

I've found a bug in the GSS receive and decrypt code,
maybe that was causing the problems.
I've attached a fixed version, please tell me if it works.

comment:6 Changed 16 years ago by Tim Kosse

I've found a bug in the GSS receive code, maybe that was
causing the problems.
I've mailed you a fixed version of FileZilla. Please tell me if it
works for you.

comment:7 Changed 16 years ago by Tim Kosse

Fixed
