Opened 22 years ago
Last modified 11 years ago
#247 closed Bug report
Problems with GSS authentication
| Reported by: | mamoeller | Owned by: | Tim Kosse |
|---|---|---|---|
| Priority: | normal | Component: | Other |
| Keywords: | | Cc: | mamoeller, Tim Kosse |
| Component version: | | Operating system type: | |
| Operating system version: | | | |
Description
I tried to use Filezilla with my gss module
(https://sourceforge.net/projects/gssmod/) for
proftpd 1.2.8rc2 from cvs and it seems that after
the ADAT commands you immediately issue a CWD
command which isn't allowed. Filezilla then tries
correctly to use the USER command and proftpd
returns a "331 Password required" which can be in
case of a successful ADAT a dummy password (The
internal structure of proftpd always requires a
password, although not necessary). But just here
Filezilla closes the connection. I assume it doesn't
expect a 331 return code.
Markus
Status: Connecting to testserver.test.com ...
Trace: ControlSocket.cpp(118): OnAsyncGetHostByName(0, 56, 15)
Trace: FtpControlSocket.cpp(652): OnConnect(0)
Status: Connected with testserver.test.com. Waiting for welcome message...
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Response: 220 ProFTPD 1.2.8rc2 Server (ProFTPD Default Installation) [testserver.test.com]
Trace: GSSApi.dll: GFtpDoAuth(452, "testserver.test.com", 1738637578, -828276470, 14025606, 32768, 80, 16841580[0])
Trace: GSSApi.dll: Trying to authenticate to <ftp@…>
Trace: GSSApi.dll: Status in line 871: 0, 0
Trace: GSSApi.dll: Status in line 901: 1, 0
Trace: GSSApi.dll: Status in line 901: 0, 0
Trace: GSSApi.dll: GSSAPI authentication succeeded
Command: CWD .
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Response: 530 Please login with USER and PASS
Response:
ShiW+sP47uBtpcnDilHqC4BNF6FlmUT8yZuxgJWxw8
Qcj6sTqeX6/aY+73060EA1/ifrB5F92zAI+Ubsg==
Command: USER testuser
Trace: FtpControlSocket.cpp(708): DoClose(4)
Trace: FtpControlSocket.cpp(2680): ResetOperation(4100)
Error: Unable to connect!
Change History (7)
comment:1 by , 22 years ago
comment:2 by , 22 years ago
It looks like the server is sending invalid data (in your case
ShiW+sP47uBtpcnDilHqC4BNF6FlmUT8yZuxgJWxw8
Qcj6sTqeX6/aY+73060EA1/ifrB5F92zAI+Ubsg==), that's why
FileZilla closes the connection; that string is not a valid FTP
response.
Another reason would be that FileZilla did not decrypt the
message for any reason. I've still no solution.
comment:3 by , 22 years ago
I tested the daemon with the following clients:
MIT ftp client
Heimdal ftp client
yafc
Kermit 95
Hummingbird Exceed with Security extension
All seem to work with GSSAPI authentication and encryption.
Markus
comment:4 by , 22 years ago
You can run proftpd with -d -n as a standalone server and get details about
the commands received and the replies sent. From a tcpdump I see that the
response from proftpd starts correctly with 631(ENC) or 632(MIC)
commands. I saw previously some problems with \r\n at the end of the
message.
Regards
Markus
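The framing questions raised in the comments above (does each line after a successful ADAT start with a reply code, is it terminated with \r\n, is the protected payload valid base64) can be checked on captured control-channel lines. This is an added example, not code from FileZilla, proftpd or the gss module; it follows the RFC 2228 protected reply codes, does not perform the GSS unwrap, and the function name and sample lines are constructed for illustration.

```python
import base64
import binascii
import re

# RFC 2228 protected reply codes and the protection each one signals.
PROTECTED = {631: "integrity only", 632: "confidentiality and integrity",
             633: "confidentiality only"}
REPLY_RE = re.compile(rb"^(\d{3})([ -])(.*)$")

# Constructed sample lines (not taken from the ticket's capture).
TOKEN = base64.b64encode(b"constructed-token")
SAMPLE = [
    b"631 " + TOKEN + b"\r\n",                   # well-formed protected reply
    TOKEN + b"\r\n",                             # bare base64, no reply code
    b"632 " + TOKEN + b"\n",                     # LF only, CR missing
    b"530 Please login with USER and PASS\r\n",  # unprotected reply
    b"631 not*base64\r\n",                       # protected code, bad payload
]


def classify_reply(raw: bytes) -> dict:
    """Check the framing of one control-channel line received after ADAT."""
    result = {"code": None, "kind": "invalid", "problems": [], "payload": None}
    if raw.endswith(b"\r\n"):
        line = raw[:-2]
    else:
        result["problems"].append("missing CRLF terminator")
        line = raw.rstrip(b"\r\n")
    m = REPLY_RE.match(line)
    if not m:
        # A line with no 3-digit code cannot be dispatched as an FTP reply.
        result["problems"].append("no 3-digit reply code")
        return result
    code, text = int(m.group(1)), m.group(3)
    result["code"] = code
    if code not in PROTECTED:
        result["kind"] = "cleartext"
        return result
    try:
        # validate=True rejects characters outside the base64 alphabet.
        result["payload"] = base64.b64decode(text, validate=True)
        result["kind"] = "protected"
    except binascii.Error:
        result["problems"].append("payload is not valid base64")
    return result


if __name__ == "__main__":
    for raw in SAMPLE:
        print(raw, "->", classify_reply(raw))
```

A payload that passes these checks is only well-framed; it still has to be unwrapped with the established GSS security context before the inner reply code can be read.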
comment:5 by , 22 years ago
I've found a bug in the GSS receive and decrypt code,
maybe that was causing the problems.
I've attached a fixed version, please tell me if it works.
comment:6 by , 22 years ago
I've found a bug in the GSS receive code, maybe that was
causing the problems.
I've mailed you a fixed version of FileZilla. Please tell me if it
works for you.
I'll look into this