View Single Post
Old 07-20-2005, 10:15 AM  
darkone
Disabled
 
darkone's Avatar
 
Join Date: Dec 2001
Posts: 2,230
Default

Quote:
Originally Posted by EwarWoo
Just a quick straw poll to see how many people consider IP checking an important compnent of your FTP usage.
In relation to this thread:
http://www.inicom.net/forum/showthread.php?t=15198

Edit:// I would vote Essential but for some reason wont let me vote or view results on the poll I posted, so whatever the results let me know and add 1 on there
This is rather pointless. How many times do I need to state, that this is something that can be scripted (there is absolutely no reason to have it hardcoded). Also, at the moment it looks like that none of the SITE commands will be hardcoded because of:

a) Use of (LUA) scripted command has neglible implication on general server performance.
b) Eventually most (all?) commands are likely to be scripted. There will be hardcoded helper functions for LUA that can be used to improve performance.
c) Io resolves client's hostname, and places it to client environment - only task left to do, is to go through list of ips stored in user/group contexts'.

pseudo-code USER command:
Code:
client = current_client();
if (is_logged_in(client)) {
  echo("530 Already logged in.");
  return;
}
user_name = get_arg_string(1, STR_END);
if (set_env(client, "UserName", user_name)) {
  echo("331 Password required for " + str(user_name));
} else {
  echo("530 Error:" + strerror(get_last_error()));
}

pseudo-code PASS command:
Code:
client = current_client();
if (is_logged_in(client)) {
  echo("530 Already logged in.");
  return;
}
user_name = get_env(client, "UserName");
if (! user_name) {
  echo("530 Use USER to login.");
  return;
}

uid = get_uid(user_name);
if (uid == INVALID_ID) {
  echo("530 Error:" + strerror(get_last_error()));
  return;
}
user = load_user(uid);
if (! user) {
  echo("530 Error:" + strerror(get_last_error()));
  return;
}
// ip-check
row_id = get_row_id(user, "Ip");
ip_cnt = get_row_count(user, row_id);
if (ip_cnt > 0) {
  match = false;
  client_host = get_env(client, "Hostname");
  client_ip = get_env(client, "Ip");
  while (ip_cnt--) {
    tmp_str = get_column_value(user, row_id, ip_cnt, 0);
    if (! str_match(client_host, tmp_str) ||
        ! str_match(client_ip, tmp_str)) {
      match = true;
      break;
    }
  }
  if (! match) {
    echo("530 Invalid username/password.");
    return;
  }
}

if (login_client(client, user, get_arg_string(1, STR_END))) {
  echo("230 Login successful.");
} else {
  echo("530 Error:" + strerror(get_last_error()));
}
darkone is offline   Reply With Quote