Internet Surfer: Getting Started

home *** CD-ROM | disk | FTP | other *** search

/ Internet Surfer: Getting Started / Internet Surfer - Getting Started (Wayzata Technology)(7231)(1995).bin / pc / mac / bonus / peter_le / ftpd-220 / ftpd_ext.ra_ < prev next >

Wrap

Text File | 1993-10-20 | 22KB | 348 lines

Ñ Remote Site Access Restrictions You can limit the machines that can access your site by restricting access to certain ip ranges. Because this would be very messy to do in a sensible user interface, the only way to set these restrictions is by using ResEdit. From ResEdit, create a STR# resource (in either the FTPd Preferences file or FTPd (the former overrides the latter), give it an id in the range of 600-699, and a name ending of: ╥<username> Site Restriction╙ where <username> is the user you are restricting. ╥Owner Site Restriction╙ to restrict the owner. ╥User Site Restriction╙ to restrict any unspecified user. ╥Anonymous Site Restriction╙ to restrict anonymous logins. ╥Default Site Restriction╙ to restrict anyone not specified above. FTPd checks them in that order (for gopher restrictions, it checks Anonymous Site Restriction or Default Site Restriction). Each resource consits of a sequence of pairs, ip number, ip mask, both in dotted decimal format (eg 134.7.70.70). The remote ip is checked against the ip, with only the bits in the mask being relevent. If it matches then the user is allowed access. If it matches, but the ip string started with an exclamation mark then access is disallowed. The last match opverrides previous ones, and if there are no matches then access is denied. By default, FTPd has a single ╥Default Site Restriction╙ STR# resource, which contains 0.0.0.0, 0.0.0.0 so access is allowed from anywhere. Here are some examples, first if you just wanted to restrict anonymous logins to inside 134.7, and everyone else has no restriction, then you create two STR# resources, either in FTPd Preferences (which is checked first) or FTPd, like this: ╥Anonymous Site Restriction╙: 134.7.0.0,255.255.0.0 You don't need to create the ╥Default Site Restriction╙, because it already exists in FTPd, if you wish to override the default, either change it in FTPd or add a ╥Default Site Restriction╙ to FTPd Preferences. Ok, and a more complicated one, say you wanted anonymous access to everywhere inside 134.7 except 134.7.70.70, user access to everywhere inside 134.7 and 130.95, user "Fred" and the owner access from everywhere, do this: ╥Anonymous Site Restriction╙: 134.7.0.0,255.255.0.0, !134.7.70.70,255.255.255.255 ╥User Site Restriction╙: 134.7.0.0,255.255.0.0, 130.95.0.0,255.255.0.0 ╥Owner Site Restriction╙: 0.0.0.0,0.0.0.0 ╥Fred Site Restriction╙: 0.0.0.0,0.0.0.0 Note: These restrictions apply only to the control connection, not the data transfer connections, so it is still possible to use proxy-ftp to transfer files directly to a restricted machine, but the user must be connected from an allowed site. Ñ Warranty This program should do what I╒ve described in this document. If it doesn╒t, you can simply stop using it. If you pay me, and later find that it doesn╒t do what I describe here, then you can notify me and I will refund your money and cancel your license. Ñ Fine Print Peter Lewis hereby disclaims all warranties relating to this software, whether express or implied, including without limitation any implied warranties of merchantability or fitness for a particular purpose. Peter Lewis will not be liable for any special, incidental, consequential, indirect or similar damages due to loss of data or any other reason, even if Peter Lewis or an agent of his has been advised of the possibility of such damages. In no event shall Peter Lewis be liable for any damages, regardless of the form of the claim. The person using the software bears all risk as to the quality and performance of the software. Ñ Acknowledgements Thanks to RobT for suggesting the idea, to Quinn for demanding the use of System 7 U&G, and to Jager for figuring out how! Thanks to Quinn (again :) for the amazing icons and to Greg for colouring them in. And special thanks again to Jager and Quinn for figuring out my asnyc problems! And, of course, thanks to Stuart for delaying the release of this program for ages by making LOTS of suggestions, finding LOTS of bugs, and by writing Bolo! Thanks also to the UCC, Curtin, Todd, Steve, c.s.m.p, archie.au, ftp.apple.com, Farhad, Tom, Andr'e, Aron, Ben, David, Gregory, Guy, Igor, Jim, John, Ken, Leonard, Frederic, Pete, Peter, Richard (who won the award for the most mail messages (after Quinn)), Rob, Russell, Thede, Tom, Zep, and anyone who uses FTPd! I can╒t describe how important the beta testers have been in making FTPd what it is, without them FTPd would not be a shadow of what it is now. So speacial thanks go to all of you who made suggestions or pointed out problems. I tried to list you all, but I gave up, there are just too many. Some of you made so many suggestions I couldn't count them all. Some of you analyised the network packets to find out what was happening and explained where I was going wrong. Some decompiled my code and sent it back to me with corrections. Some made suggestions that involved tiny changes with great benifits. Some made outrageous demands which I refused to do, and others outrageous demands which I eventually did. All of these would have been missing if I was working on my own. Thanks. Ñ How It Works FTPd listens for TCP connections on port 21. When a connection is achieved, it waits for commands to be sent to it. Commands all have a simple form, there is a 3 or 4 character command (eg, RETR for retrieve file), and some parameters (eg, filename). FTPd interprets these commands, carries out there actions, and replies with a one line message, the first three characters of which are a 3 digit reply that can be interpreted by the FTP client, then the rest is human readable information. The reply codes are 1yz for preliminary success (action started), 2yz for complete success (action finished successfully), 3yz for intermediate success (requires another command before any action is taken), 4yz for temporary failure (try again later), and 5yz for permanent failure (give up and go home). For more information on the formats of these commands see the various FTP related RFCs. Some commands may reply with a multiline response, in which the first line begins with a three digit response code followed by a dash ╥-╙ followed by several lines of text and terminated by a line with the same response code and a space followed by some text. This confuses some servers, you can disable this feature by starting your username or password with a dash ╥-╙. FTPd also listens to port 70 for gopher connections. It then accepts a single line specifying either a folder, file, or index, and returns the info for it. The gopher server logs in as an AppleShare guest user, so guest access must be enabled (it was either that, or FTPd would have to know a user password, which I want'ed to avoid). The root of the gopher tree is specified by the login directory for fake user ╥Gopher╙ (it defaults ot /). This root is enforced, so you can╒t have aliases pointing to folders outside this area (well, you can, but it won't work very well) (aliases to files outside the area work). You can reduce this restriction with the ╥GopherRoot╙ user directory, but that will allow anyone knowledgable in the gopher protocol to get at any file inside that root. FTPd talks to the file system on the local Mac (and other servers) exclusively by using the same protocols as if it were accessing an AppleShare server (the single exception is the startup messages which are read via normal file system calls). The user logs in by giving a user name and password. This in turn is passed to the System 7 server (or AppleShare server) and an attempt is made to log in to the server. If the log in fails, and attempt is made to log in as a guest user. If either attempt succeeds, the volume is made available to the user. If the user tries to log in as either the owner or a user, they must successfully (non-anonymously) log in to at least one local volume or the whole connection is disallowed. Since all file system access is done through the AppleShare protocols, it should be virtually impossible to circumvent their protections. You should set up your system in such a way that irrespective of the privleges in FTPd Setup (which are not guarantied in any way!) the user can not do too much damage. Thus users and guest should only have write privleges to areas of your file system that you wish them to be able to trash. The ASCII character translation is done because the Macintosh uses ASCII (00-7F) plus other international characters (80-FF). Other computers use similar character extensions, but in a different ╥order╙. Computers can exchange text only if they ╥talk╙ with the same character code on communication lines (this has been recognized for a long time with the use of 7-bit ASCII). The interchange character code standard closest to the Macintosh code is ISO 8859-1 (it applies to the group of languages called Latin-1). Several computers use ISO 8859-1 as their native code (DEC, Unix...), a wise choice as these simply send/receive their data as 8-bit bytes unchanged. Others, like the Mac and PC, have to translate their own code to appear to other computers as if they were using ISO 8859-1. This is what ╥ISO 8859-1 translation option╙ does in FTPd: every character of text put to the line is translated from Mac to ISO, and conversely. Note that translation never occurs in ╥binary╙ mode and that translation in ╥text╙ mode introduces another reason (as well as end-of-line representation) to choose the correct mode carefully. Also note that, for text transfer to be effectively and correctly translated, the other party must either use ISO 8859-1 or use the same feature as FTPd. However, if the other party, direct or indirect, is known to be a Macintosh, then you should always use Macbinary or Binhex transfers to preserve icons etc... In addition to computers using native ISO 8859-1, programs known to translate text the same revertible way as FTPd are Fetch (on the Mac) and IBM's TCP/IP with correct the translation table. Should your Macintosh use a non-Latin1 code, the two tables in resource 'taBL' would have to be changed to translate to the appropriate ISO 8859-x standard. These tables are the inverse of each other so that each character translate to a unique one, always leaving ASCII unchanged, and return to a Mac unchanged from what was sent (round trip integrity). Ñ Version History Still to do - Bugs: Retrieving a file open by another app goes bang - Dj Padzensky Occasionally stops answering requests on some machines Rename fails on one machine very short .hqx files fail turn virtual memory on Mac will freeze if the password is incorrect? More parseable log file date time IP user id action file >MM/DD/YY <tab> HH:MM:SS <tab> User <tab> <action> tab <comments> log transfer completion status (success, abort, failure, whatever) Font/size spec for the log window (Greg says ResEdit is ok) Bytes transfered per session, and session time, for the log file. Display the file transfer mode (hqx, bin, etc) in the log file. Set min freespace for download for each user class in Privs. Way of setting the FTP and Gopher ports? Bring to the front on New Connection. Gopher site index displays files/folders outside the gopher folder. Could you add Cut/Copy/Paste to the Gopher Link setup? How about a way to order Gopher items? Or is this only alphabetic? Notice AppleShare disconnect and close the ftp control connection Support mkdir that retains privileges. Add .bin/.sit on directories support Checkbox for GF option, instead of GF version hack. Configure menu in FTPd that launches FTPd Seup? FTPd Setup menu to convert FTPd from background<->foreground. Log file "put" and "get" with full paths? Way to automagically trim the log file? Perhaps SMTP Email the log file? Zoom the log window at startup? Gopher: CSO qi phone book server support? gopher access to wais .src files Probably never: Add files in the root directory FTPd ReadMe and Site ReadMe Telnetd Support. Gopher+ - hmm, maybe not, it seems unduely complicated Remote monitoring of log files Have FTPd Setup monitor the log file. More control over the log file: Where to put it, how much to log. LogWindow - resizeable,zoom, save positions, etc etc - no! Option to hide Trash, Desktop Folder, etc... Open File Sharing Monitor when incoming sessions occur. Impossible or very difficult: Some way to get the vers (Get Info) stuff for a file Reverse name lookup in log files. Initialize the user directories list to the list of AppleShare users. Perhaps set the SF location to the gopher root on boot? gopher remote ftp Unverified: Users without a password don't work? BinHex problems with TurboGopher 1.0.6? FTPd Setup can't disable "Add .hqx" - R.S.Jones@qmw.ac.uk connection reset bug? - perhaps fixed by MacTCP 1.1.1? 2.2.0d1 ~Use port 20 for Active data connections, should improve behavious with firewalls ~Attempt to support A/UX's lack of mtcp gestalt selector ~Support append (APPE) command ~Support for the SIZE command (but its approximate!) ~Put FTP and gopher port (21&70) into STR# resources 2.1.1d4 ~Added option to display file size in gopher listsings ~Added support for TextToSpeach manager ~Fixed gopher error message ~Fixed bug that stopped gopher type changes from being saved ~added ╥safeget╙ feature to simplify prefs management ~Added CautionAlert for Server and Far Server privs 2.1.1d3 ~Handle the virtual "." directory (for current directory) ~Fixed FillWindow to work with small log files. ~Fixed JPEG and GIFf gopher display ~added handling for LIST *.hqx, so mget *.hqx works. 2.1.0d3 ~Improved security, users and owner MUST log in to at least one local volume. ~Fixed SMNT and SITE commands to allow slashes ~Minor change to balloon help ~Fixed ":" option in Prefs window (wasnt being saved) 2.1.0d2 ~Gopher window add link etc selects item ~Notification sound for connections. ~Option to hide log window when in the background. ~GIF,JPEG support? ~Way to specify the host name for this Mac. ~gopher remote telnet ~Implement the Security window to give control over what commands are allowed ~If you open preferences (in this case the default use logon path), and make a change eg the default path, then click "Cancel" the change is applied anyway. 2.1.0d1 ~support SITE A QUIT <creator>, SITE A OAPP <creator>, and SITE A LIST. ~added -t option to listings to display the type/creator of files. ~button for Edit Attributes - double click should not be required ~option-double clicking Folders open's a new Gopher Listing Window. ~support SMNT Volume:Server[@Zone][:username[:password]] - mount a volume. ~Sort the gopher directory. ~TurboGopher+1.6 sends "<tab>+" invalid line to FTPd? - accept and ignore it ~Debilitatin Gopher bug that leaves all the files/folders unaccessible. ~Doesn't notice enabling gopher without restarting FTPd. ~No balloon help for Add index Entry. ~Retry count balloon help and static text messages differ. ~Drop folders don't have the x bit set. ~PASV command doesn't work with proxy ftp? ~FTPd doesn't notice changes to the translation prefs unless restarted. ~Fixed some capitilizations in the various FTPd Setup windows. 2.0.1 Fourth release (1 day later!) ~Fixed a bug in FTPd Setup that could eat users' files. 2.0.0 Third release 2.0.0d17 ~FTPd Setup, Gopher Listing needs to recognize Aliases to folders. ~Fixed a glitch with listing a folder with a single folder in it ~Changed the log strings abit to allow easier parsing. 2.0.0d14 ~Send "Transfer Finished" after last send in Send Format (might speed up the close) ~Long TCP close time after file transfer? ~Disabled some DebugStrs that probably shouldnt have been there. ~Reduce the size of Get and List connections the combination of those three caused these crashes: ~File transfer crashes - Scott Gruby ~Listing crashes - John Norstad ~Fixed a bug that caused alias resolution to fail (forgot to initialize the path, oops) ~Added GopherRoot user to allow aliases to point outside the Gopher tree. ~Link files owned by FTPd Setup, double clicking them opens Gopher Listing. ~Don't add .hqx to the end of folder aliases ~SetPort to stop List Clicks in Gopher Listing from failing (maybe) 2.0.0d10 ~Long TCP close time after file transfer - might help. ~Alias support - its impossible, but do it anyway. ~Option to disable .hqx in gopher listings ~Preference for ignoring / ~Need to do reverse name lookup for name ~Don't list folders the user can't access ~Extend close timeout from 20 seconds to 2 minutes - THANKS JOHN!!!!! 2.0.0d8 ~archie-like index support ~SITE INDEX as a synonym for SITE F ~Only log in to volumes you can access (Gopher and FTP) ~Gopher logging ~editable type field ~Gopher links not read by gopher listing? ~Support user directory for user "gopher" to set the gopher root ~Handle Revert on user directory listing properly 2.0.0d7 ~Gopher UI for defining links and renaming files ~Enable/Disable FTPd/Gopher independently 2.0.0d6 ~Support Scrambled&Two-way passwords. 2.0.0d5 ~Fixed an annoying bug that caused the server to occasionally lock connections up. (if it got more than 10 events in a row, it lost the last one!) ~Run in either foreground or background depending on the SIZE=-1 backgroundonly bit ~Foreground log window 2.0.0d2 ~IP restrictions (as for ftp, but username gopher, userkind Guest). ~Fixed a bug that could give spurious errors during MacBinary receives. 2.0.0d1 ~Initial gopherd implementation 1.2.0d3 ~A way of setting folder privs 1.2.0d2 ~Support options to NLST and LIST -CspFl (cols, size in k, dir/, long) ~A way of changing passwords. 1.2.0d1 ~Handle changing from EtherTalk <-> Localtalk network connections. 1.1.0 - Second official release 1.1.0d10 ~Fixed a async crash bug ~Display the trasfer size in ╥get╙ commands. ~Use Fetch Preferences╒ suffix mappings to set the type/creator on binary put╒s. 1.1.0d8 ~More than 100 files in a directory. - now 200. ~Transfer speed - via transfer buffer sizes - buffer sizes were increased 2.5 times ~Access to files with a / in their name by doubling the / ~Notice write protected folders and refuse the STOR etc commands immediately ~Drop folder writes don't work. ~ISO character translation on file names and TEXT files ~Added Remote Site Restrictions ~Fixed a bug that caused problems if there was more than 20 servers in your zone ~Changed "Add .hqx" to not add .hqx for TEXT files ~Fixed an address error crash on 68000 machines ~Fixed a ReleaseResource/DisposHandle bug ~Fixed a bug with GetMHandle and PopupMenus (well, Apple fixed a bug which broke my code, so I fixed my code, hope it doesn╒t break Apple╒s! :-) Think about it - all the following happened before FTPd was even released to the public: 1.0.9 - First Official Release ~Added Balloon Help to FTPd Setup 1.0.9b ~Changed to use a limited number of async logins to avoid problems with XPP ~Locks up looking for a server - added timeout and fixed a bug. ~Fixed a security loophole - disabling all access to users and guest didn't always. ~Added support for ls -F ~An option to add ".hqx" to the end of all file names in all listings. ~Removed the distinction between Local and Shared Points (whatever it was before :) 1.0.8b ~Added logging of login failures. ~Added the number of volumes to the login message. ~Send a sensible message when file sharing is not active. ~Fixed a bug with SITE F which locked up if it found >100 files. ~Fixed an evil evil bug with Async logins. ~Changed lists unit to be ptr based instead of handle based. ~Closed the volumes before logging out so the Finder updates the little heads correctly. 1.0.7b ~Fixed a bug that caused problems if the Start or Folder Info files were to big. ~Improved Server logins, it should now not freeze your Mac and should be faster to login in, though still very slow. ~Fixed a bug that made FTPd miss the start of binhex files. ~Changed SITE X to SITE Q. ~Added help on SITE ? commands: remotehelp "site f" for example... 1.0.6b ~Fixed an annoying NBP lookup bug. ~Translate 8 bit to 7 bit characters when sending ascii files. ~Added command SITE F <filename> to return all the matching filenames. ~Fixed a bug that might speed up RETRieves a bit (and was very stupid!) ~Added username to all log entries (get, put, del, etc) ~Added primitive AE support to FTPd Setup 1.0.5b ~Added a checkbox to disable the log file (and disable it by default) ~Restructure the files/folders used by FTPd. There is now a folder called ╥FTPd Preferences ─╙ in the Preferences folder that contains the FTPd Preferences file, the FTPd Log file, and optionally the Startup Messages folder (which can also reside in FTPd╒s folder). ~Name Startup Message file is displayed to user Name on login. ~Start the messages on the NNN- line (so NNN-first line of file). ~Fixed it so that file names that start with a space are handled correctly. ~Changed it so that Thingy Startup & !Folder Info are both returned at startup. ~Fix a bug with the time stamps in MacBinary files. 1.0.4b ~Far servers ~Improved error reporting. ~Fix a bug that caused retrieves to fail. 1.0.3b ~Honour invisible files. ~Maximum of 48 files listed (4k limit I expect). Should be maximum of 100 (or more even?). ~Include GetInfo comments in MacBinary transfer. ~User definable text displayed on startup and dir entry? ~Maximum number of users. ~Idle time out setting. ~User time restrictions? Suport "only after X, or before Y" time restriction. 1.0.2b ~terminate the connection after five minutes or three failed logins. ~Support logins only when mac is idle. ~Support copy_inhibit. ~Fix up CRC calculation in MacBinary code. ~MacBinary and/or BinHex still broken - think I've got all the bugs out. 1.0.1b ~Close connection after three failed logins. ~QuitBoth in Setup. ~Abort fails ~Background only app 1.0.0b ~Notice prefs changes on the fly. ~Prefs for login directories. ~Doesnt start up MacTCP by itself. ~Fix log. ~Prefs for MacBinary default on/off.