ioFTPD General New releases, comments, questions regarding the latest version of ioFTPD. |
11-05-2007, 05:51 AM
|
#16
|
Too much time...
FlashFXP Beta Tester ioFTPD Administrator
Join Date: May 2005
Posts: 1,194
|
noelek: Can you be a bit more specific? I probably have messed something up in the obscuring logic but I need to know a bit more. In your example did the first and third come out OK, but the middle one didn't? Are the 1st and 2nd the same and thus it worked once, but not the second time? There just isn't enough info there to figure out what's wrong since you obscured the obscured What do you have obscure host/IP set to? I should point out that not all IP addresses will reverse resolve, or do so in the time period allowed. Thus empty hostnames are perfectly fine in the logfiles.
DOH! It appears if the feature is entirely disabled the reject* messages might have invalid/random text. That's a bug. Expect a fix shortly.
NOTE: The new Secure_Ip options to control which users can enter which hostmasks is turned on by default and really shouldn't be since I don't normally enable new features in the default config file. I was supposed to comment that entirely but didn't before zipping things up.
The most obvious problem with the enabled defaults is only M accounts can enter *@* as a valid hostmask for a user. I'm sure there are people who will find that too restrictive...
|
|
|
11-05-2007, 06:20 AM
|
#17
|
Too much time...
FlashFXP Beta Tester ioFTPD Administrator
Join Date: May 2005
Posts: 1,194
|
v6.3.1 out
v6.3.1 out:
Code:
v6.3.1 Release Notes:
*** File Modifications:
1) File system\ioFTPD.exe changed. Version 6.3.1.0
2) File system\ioFTPD.ini changed.
3) File ioKnock\ioKnock.exe changed.
*** Fixes:
4) Secure_Ip option in the .ini is now disabled by default.
5) Fixed Random/corrupt hostnames being reported in "reject ..." logfile
messages if the new obscure host feature was disabled.
6) ioKnock no longer has any library dependency as it statically links MFC
and CRT. 50k file now 248k but who cares these days.
|
|
|
11-05-2007, 10:31 AM
|
#18
|
Senior Member
Join Date: Feb 2006
Posts: 138
|
Does the new io handle group admins correctly?
I.E. site ginfo and site uinfo only applies to users own admingroup?
|
|
|
11-05-2007, 11:25 AM
|
#19
|
Too much time...
FlashFXP Beta Tester ioFTPD Administrator
Join Date: May 2005
Posts: 1,194
|
pion: I'm not aware of any posted bug/feature request regarding group admins. Can you point me to the post?
The example you give of site uinfo/ginfo only applying to the users own admingroups certainly sounds like a good idea to me though. I'll add that.
|
|
|
11-05-2007, 11:28 AM
|
#20
|
Senior Member
FlashFXP Registered User ioFTPD Foundation User
Join Date: Jun 2004
Posts: 165
|
I just tested that, and it doesnt seem to be doing that.
IE user xxx is groupadmin of group GGG.
site change xxx admingroup GGG
site change xxx flags +G (3G)
After logging on with user xxx I tried the command site ginfo SiteOp, and sure enough the information was shown.
Code:
(17:26:55) [2] site ginfo SiteOp
(17:26:55) [2] 200-Description: Administrators
(17:26:55) [2] 200-MountFile : ..\etc\admin.vfs
(17:26:55) [2] 200-User slots : -1 (-1)
(17:26:55) [2] 200-Users : 2
(17:26:55) [2] 200-
(17:26:55) [2] 200- Name Flags Groups
(17:26:55) [2] 200- ioFTPD 1MTHL SiteOp
(17:26:55) [2] 200 ginfo Command successful.
|
|
|
11-05-2007, 11:30 AM
|
#21
|
Senior Member
FlashFXP Registered User ioFTPD Foundation User
Join Date: Jun 2004
Posts: 165
|
ahh Yil you beat me to the reply
nice to hear that function is going to be added
|
|
|
11-05-2007, 04:02 PM
|
#23
|
Senior Member
Join Date: Feb 2006
Posts: 138
|
I think there's a problem with the slots system for gadmin also. If admingroup isn't set, just the gadmin flag, the gadmin can add as many leech slots as he wish, regardless of what the slots for his group sais. Maybe also users, haven't tested it proper.
Could argue that it's a fault in the user adding the gadmin, but it's not really a superior behavior to have gadmin flag act as siteop flag on such matters.
|
|
|
11-05-2007, 05:51 PM
|
#24
|
Too much time...
FlashFXP Beta Tester ioFTPD Scripter
Join Date: May 2003
Posts: 1,326
|
That's how it should function. As far as ioFTPD is concerned there is no "gadmin" or "siteop" flag. There are only a few hard-coded flags:
A - Anonymous (any password works)
f/F - FXP permissions (deny FXP download/upload)
M - Master (cannot be changed by non-masters, can see private paths)
V - VFS admin (can see private paths)
Any other powers these flags give are defined by the permissions they're given in the ioFTPD.ini.
If a flag gives permission to a command, and a user has that flag, they can use that command.
Users are defined as "gadmins" by using site change <user> admingroups <groups> and nothing else. Commands must be specifically implemented to be aware of "gadmin" privileges by using User_IsAdmin API.
A better system is how glFTPd handle's it's group admins - which will require ioFTPD to have a special hard-coded gadmin flag. - The FTPD must be aware of the hard-coded gadmin flag.
- Any "site change" command defined with the gadmin flag in ioFTPD.ini will have ioFTPD call User_IsAdmin to verify the user is a gadmin.
- This moves the hard-coded gadmin checks from certain commands to configurable commands in ioFTPD.ini.
- Optional: When a user is given administrative privileges over a group, they automatically receive the gadmin flag.
- Optional: When a user is revoked administrative privileges over a group, they automatically lose the gadmin flag.
- These optional features can be implemented by scripts very easily, not required to be part of the daemon.
Last edited by neoxed; 11-05-2007 at 06:22 PM.
|
|
|
11-06-2007, 02:51 AM
|
#25
|
Too much time...
FlashFXP Beta Tester ioFTPD Administrator
Join Date: May 2005
Posts: 1,194
|
Group rights
There are actually 2 more hard coded flags.
L - always allow login (M implies L - just learned that!)
1 - inside the add user code M and 1 are tested to determine if the user is a pure admin or a group admin.
The G flag isn't hardcoded, it is simply a convention in ioFTPD.ini as neoxed points out. The problem is if you have the G flag but are NOT explicitly the groupadmin of any groups you are sort of considered a regular admin because the User_IsAdmin function allows that. I'm not sure if that is a long standing bug, or a historical artifact...
On the other hand if you ARE an admin of specific groups the code ALREADY limits all site change commands to members of those groups. In fact it was so limiting that I had to bypass the check in 6.3.0 for M flagged accounts (#23 above). Commands like addip/delip/etc check as well. Now that I think about it they may also screw up and not bypass the check for M flagged accounts either...
Outside of the change commands the site uinfo/ginfo and perhaps a few more really need to be made aware of groupadmin status so as not to reveal private info of other groups as this is what got this whole discussion going...
PROPOSAL:
I'm content to define hardcode 1 and M flagged users as "real" admins and thus they can admin all groups all the time. By default they can change admingroup settings for themselves so it's not like you can stop them! Everybody else MUST have specific groupadmin rights granted and they can only modify or see private info of users in those groups.
I also like the idea of a user who has groupadmin rights being automatically granted the G user flag and having the G flag revoked if no longer the admin of any groups. Therefore an attempt to add G to a user won't actually work, but the G flag will get set once a groupadmin right is defined. G would thus become sort of hardcoded as well. However all tests for admin rights will NOT test for G, but rather the absence of 1/M and/or admingroups. This is probably safer since I'm sure they will sooner or later get set wrong since user files can be manually edited.
The only drawback of this scheme is if in ioFTPD.ini a specific user/group was granted addip rights i.e "addip = G1M =trusted". Assuming a user in the trusted group doesn't have any admin flags (say just the 3 flag or something) and no admingroups are defined that user previously could have added IPs for anyone and now they can't.
The only way around this would be to revert to what we have now. If no admingroups are defined then that implies all groups. I think I'd rather go for the more secure setup and if necessary a script can be used to handle the =trusted type situations, but for the majority of FTP setups no scripts would be required.
|
|
|
11-06-2007, 06:06 AM
|
#26
|
Senior Member
Join Date: Mar 2006
Posts: 110
|
Yil: did you read about unicode issue in this page of 1/2
plz read and reply about it. i cant understand why noone intrest to tcl directly return to External cause no asian here?
and other request here
could you include site dupe/search function like a glftpd?
it will really better than depends on scripts in every way
1st, cause need long time to creating new log(ex:site rebuild on nxtools) for scripts if got better dir/files
2nd, need standardize! i think this is major function so glftpd does it
then no one need more make to each other scripts of search/dupe
Last edited by isteana; 11-06-2007 at 06:55 AM.
|
|
|
11-06-2007, 06:54 AM
|
#27
|
Too much time...
FlashFXP Beta Tester ioFTPD Administrator
Join Date: May 2005
Posts: 1,194
|
isteana: Enabling unicode inside ioFTPD just isn't going to happen as I've explained before. The code sucks, and it would take an enormous amount of work to get everything able to compile using wchars and debugging it would be a real pain. It would be better to just start over again actually. There is a reason darkone started to rewrite the whole thing from scratch...
Site dupe/search is what scripts are good for. It's a complex problem actually. Especially when dealing with symbolic links trees to sort/categorize things. Do you return them as well? Did the simple search just become trickier?
It would be kinda cool if we consolidated around a single script tool though...
|
|
|
11-06-2007, 12:32 PM
|
#28
|
Senior Member
FlashFXP Beta Tester ioFTPD Foundation User
Join Date: Dec 2001
Posts: 306
|
Yil? killed $user ?
|
|
|
11-07-2007, 03:05 AM
|
#29
|
Too much time...
FlashFXP Beta Tester ioFTPD Administrator
Join Date: May 2005
Posts: 1,194
|
Flow: didn't change $user. You check etc/ioftpd.env to make sure it's exported? It's there in the released version.
|
|
|
11-07-2007, 12:44 PM
|
#30
|
Member
Join Date: Oct 2007
Posts: 32
|
tested it on a mp3 site
every time a race is started, it crashes
im guessing it happens on leech, cos when i turn off the sitebot, it doesnt happen..
Code:
Wed Nov 07 04:03:30 2007 - ioFTPD v6.3.1
Unhandled exception: Access Violation (0xC0000005)
Address: 0x7C81BD02 [attempting to read data from 0x0081000D]
PID=14232, PATH=C:\PROGRAMME\ioFTPD\system\ioFTPD.exe
System information:
Processor #0 Name: Intel(R) Pentium(R) 4 CPU 2.80GHz
Processor #0 Identifier: x86 Family 15 Model 2 Stepping 9
OS: Windows 5.2 (build 3790)
Registry: Microsoft Windows Server 2003
Decoded: Server 2003 - Service Pack 2
Page size: 4096
Modules:
--------
[00400000 - 00463000]: C:\PROGRAMME\ioFTPD\system\ioFTPD.exe (v6.3.1.0)
[7c800000 - 7c8c0000]: C:\WINDOWS\system32\ntdll.dll (v5.2.3790.3959)
[77e40000 - 77f42000]: C:\WINDOWS\system32\kernel32.dll (v5.2.3790.4062)
[10000000 - 10163000]: C:\PROGRAMME\ioFTPD\system\php4ts.dll (v4.4.7.7)
[77380000 - 77411000]: C:\WINDOWS\system32\user32.dll (v5.2.3790.4033)
[77c00000 - 77c48000]: C:\WINDOWS\system32\gdi32.dll (v5.2.3790.4033)
[77f50000 - 77feb000]: C:\WINDOWS\system32\advapi32.dll (v5.2.3790.3959)
[77c50000 - 77cef000]: C:\WINDOWS\system32\rpcrt4.dll (v5.2.3790.4115)
[76f50000 - 76f63000]: C:\WINDOWS\system32\secur32.dll (v5.2.3790.3959)
[71bb0000 - 71bb9000]: C:\WINDOWS\system32\wsock32.dll (v5.2.3790.0)
[71c00000 - 71c17000]: C:\WINDOWS\system32\ws2_32.dll (v5.2.3790.3959)
[77ba0000 - 77bfa000]: C:\WINDOWS\system32\msvcrt.dll (v7.0.3790.3959)
[71bf0000 - 71bf8000]: C:\WINDOWS\system32\ws2help.dll (v5.2.3790.3959)
[77670000 - 777a9000]: C:\WINDOWS\system32\ole32.dll (v5.2.3790.3959)
[77d00000 - 77d8b000]: C:\WINDOWS\system32\oleaut32.dll (v5.2.3790.4098)
[48890000 - 488cd000]: C:\WINDOWS\system32\odbc32.dll (v3.526.3959.0)
[77530000 - 775c7000]: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\comctl32.dll (v5.82.3790.3959)
[7c8d0000 - 7d0ce000]: C:\WINDOWS\system32\shell32.dll (v6.0.3790.3959)
[77da0000 - 77df2000]: C:\WINDOWS\system32\shlwapi.dll (v6.0.3790.3959)
[762b0000 - 762f9000]: C:\WINDOWS\system32\comdlg32.dll (v6.0.3790.3959)
[00480000 - 00551000]: C:\PROGRAMME\ioFTPD\system\tcl84t.dll (v8.4.2.15)
[761b0000 - 76243000]: C:\WINDOWS\system32\crypt32.dll (v5.131.3790.3959)
[76190000 - 761a2000]: C:\WINDOWS\system32\msasn1.dll (v5.2.3790.3959)
[77b90000 - 77b98000]: C:\WINDOWS\system32\version.dll (v5.2.3790.3959)
[77420000 - 77523000]: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll (v6.0.3790.3959)
[00ce0000 - 00cf7000]: C:\WINDOWS\system32\odbcint.dll (v3.526.3959.0)
[03000000 - 03115000]: C:\PROGRAMME\ioFTPD\system\dbghelp.dll (v6.8.4.0)
[76920000 - 769e2000]: C:\WINDOWS\system32\userenv.dll (v5.2.3790.3959)
[71c40000 - 71c97000]: C:\WINDOWS\system32\netapi32.dll (v5.2.3790.3959)
[71b20000 - 71b61000]: C:\WINDOWS\system32\mswsock.dll (v5.2.3790.3959)
[5f270000 - 5f2ca000]: C:\WINDOWS\system32\hnetcfg.dll (v5.2.3790.3959)
[71ae0000 - 71ae8000]: C:\WINDOWS\system32\wshtcpip.dll (v5.2.3790.3959)
[01cd0000 - 01d72000]: C:\PROGRAMME\ioFTPD\modules\nxmydb.dll (v0.3.0.0)
[01d80000 - 02004000]: C:\PROGRAMME\ioFTPD\system\libmysql.dll (v0.0.0.0)
[76ed0000 - 76efa000]: C:\WINDOWS\system32\dnsapi.dll (v5.2.3790.3959)
[76f70000 - 76f77000]: C:\WINDOWS\system32\winrnr.dll (v5.2.3790.3959)
[76f10000 - 76f3e000]: C:\WINDOWS\system32\wldap32.dll (v5.2.3790.3959)
[76f80000 - 76f85000]: C:\WINDOWS\system32\rasadhlp.dll (v5.2.3790.3959)
[68000000 - 68035000]: C:\WINDOWS\system32\rsaenh.dll (v5.2.3790.3959)
[76b70000 - 76b7b000]: C:\WINDOWS\system32\psapi.dll (v5.2.3790.3959)
[76750000 - 76777000]: C:\WINDOWS\system32\schannel.dll (v5.2.3790.4068)
[68100000 - 68127000]: C:\WINDOWS\system32\dssenh.dll (v5.2.3790.3959)
[02980000 - 029a6000]: C:\PROGRAMME\ioFTPD\lib\nxHelper\nxHelper.dll (v2.3.0.0)
[029c0000 - 02a13000]: C:\PROGRAMME\ioFTPD\lib\sqlite3\tclsqlite3.dll (v0.0.0.0)
[748c0000 - 748c7000]: C:\WINDOWS\system32\powrprof.dll (v6.0.3790.3959)
Threads:
--------
ID: 14264 [00130000-0012fe94]
# 1: 7C8285EC -> [ntdll + 275EC] ? KiFastSystemCallRet() + 0x0
# 2: 00417910 -> [ioFTPD + 16910] ProcessMessages() + 0x40
[c:\projects\ioftpd6\6.3.0\src\internalmessagehandler.c, line 106]
# 3: 0041AFF0 -> [ioFTPD + 19FF0] CommonMain() + 0x30
[c:\projects\ioftpd6\6.3.0\src\main.c, line 250]
# 4: 0041B433 -> [ioFTPD + 1A433] WinMain() + 0x273
[c:\projects\ioftpd6\6.3.0\src\main.c, line 391]
# 5: 0044478A -> [ioFTPD + 4378A] __tmainCRTStartup() + 0x177
[f:\sp\vctools\crt_bld\self_x86\crt\src\crt0.c, line 324]
# 6: 77E6F23B -> [kernel32 + 2E23B] ? ProcessIdToSessionId() + 0x209
ID: 1836 [01060000-0105ff10]
# 1: 7C8285EC -> [ntdll + 275EC] ? KiFastSystemCallRet() + 0x0
# 2: 77E61C8D -> [kernel32 + 20C8D] ? WaitForSingleObject() + 0x12
# 3: 0043A68E -> [ioFTPD + 3968E] TimerThread() + 0x19E
[c:\projects\ioftpd6\6.3.0\src\timer.c, line 141]
# 4: 77E64829 -> [kernel32 + 23829] ? GetModuleHandleA() + 0xDF
ID: 13056 [01260000-0125ff14]
# 1: 7C8285EC -> [ntdll + 275EC] ? KiFastSystemCallRet() + 0x0
# 2: 77E61C8D -> [kernel32 + 20C8D] ? WaitForSingleObject() + 0x12
# 3: 00439F8F -> [ioFTPD + 38F8F] WorkerThread() + 0x5F
[c:\projects\ioftpd6\6.3.0\src\threads.c, line 441]
# 4: 77E64829 -> [kernel32 + 23829] ? GetModuleHandleA() + 0xDF
ID: 12308 [014d0000-014cff14]
# 1: 7C8285EC -> [ntdll + 275EC] ? KiFastSystemCallRet() + 0x0
# 2: 77E61C8D -> [kernel32 + 20C8D] ? WaitForSingleObject() + 0x12
# 3: 00439F8F -> [ioFTPD + 38F8F] WorkerThread() + 0x5F
[c:\projects\ioftpd6\6.3.0\src\threads.c, line 441]
# 4: 77E64829 -> [kernel32 + 23829] ? GetModuleHandleA() + 0xDF
ID: 12700 [015d0000-015cff14]
# 1: 7C8285EC -> [ntdll + 275EC] ? KiFastSystemCallRet() + 0x0
# 2: 77E61C8D -> [kernel32 + 20C8D] ? WaitForSingleObject() + 0x12
# 3: 00439F8F -> [ioFTPD + 38F8F] WorkerThread() + 0x5F
[c:\projects\ioftpd6\6.3.0\src\threads.c, line 441]
# 4: 77E64829 -> [kernel32 + 23829] ? GetModuleHandleA() + 0xDF
ID: 12968 [016d0000-016cff14]
# 1: 7C8285EC -> [ntdll + 275EC] ? KiFastSystemCallRet() + 0x0
# 2: 77E61C8D -> [kernel32 + 20C8D] ? WaitForSingleObject() + 0x12
# 3: 00439F8F -> [ioFTPD + 38F8F] WorkerThread() + 0x5F
[c:\projects\ioftpd6\6.3.0\src\threads.c, line 441]
# 4: 77E64829 -> [kernel32 + 23829] ? GetModuleHandleA() + 0xDF
ID: 13536 [017d0000-017cff48]
# 1: 7C8285EC -> [ntdll + 275EC] ? KiFastSystemCallRet() + 0x0
# 2: 0043A1F0 -> [ioFTPD + 391F0] IoThreadEx() + 0x30
[c:\projects\ioftpd6\6.3.0\src\threads.c, line 563]
# 3: 7C8277AB -> [ntdll + 267AB] ? NtRegisterThreadTerminatePort() + 0xC
ID: 12024 [018d0000-018cff48]
# 1: 7C8285EC -> [ntdll + 275EC] ? KiFastSystemCallRet() + 0x0
# 2: 0043A1F0 -> [ioFTPD + 391F0] IoThreadEx() + 0x30
[c:\projects\ioftpd6\6.3.0\src\threads.c, line 563]
# 3: 7C8277AB -> [ntdll + 267AB] ? NtRegisterThreadTerminatePort() + 0xC
ID: 13460 [019d0000-019cff14]
# 1: 7C8285EC -> [ntdll + 275EC] ? KiFastSystemCallRet() + 0x0
# 2: 77E61C8D -> [kernel32 + 20C8D] ? WaitForSingleObject() + 0x12
# 3: 0043A3E0 -> [ioFTPD + 393E0] EncryptionThread() + 0x20
[c:\projects\ioftpd6\6.3.0\src\threads.c, line 649]
# 4: 77E64829 -> [kernel32 + 23829] ? GetModuleHandleA() + 0xDF
ID: 12496 [01ad0000-01acff14]
# 1: 7C8285EC -> [ntdll + 275EC] ? KiFastSystemCallRet() + 0x0
# 2: 77E61C8D -> [kernel32 + 20C8D] ? WaitForSingleObject() + 0x12
# 3: 0043A3E0 -> [ioFTPD + 393E0] EncryptionThread() + 0x20
[c:\projects\ioftpd6\6.3.0\src\threads.c, line 649]
# 4: 77E64829 -> [kernel32 + 23829] ? GetModuleHandleA() + 0xDF
ID: 13304 [01bd0000-01bcff00]
# 1: 7C8285EC -> [ntdll + 275EC] ? KiFastSystemCallRet() + 0x0
# 2: 77E424ED -> [kernel32 + 14ED] ? Sleep() + 0xF
# 3: 00432EAC -> [ioFTPD + 31EAC] SocketSchedulerThread() + 0x35C
[c:\projects\ioftpd6\6.3.0\src\socket.c, line 1765]
# 4: 77E64829 -> [kernel32 + 23829] ? GetModuleHandleA() + 0xDF
ID: 13260 [01cd0000-01ccfcec]
# 1: 7C8285EC -> [ntdll + 275EC] ? KiFastSystemCallRet() + 0x0
# 2: 77E64829 -> [kernel32 + 23829] ? GetModuleHandleA() + 0xDF
ID: 12816 [02b30000-02b2ff7c]
# 1: 7C8285EC -> [ntdll + 275EC] ? KiFastSystemCallRet() + 0x0
# 2: 77E64829 -> [kernel32 + 23829] ? GetModuleHandleA() + 0xDF
ID: 12676 [02c30000-02c2ff20]
# 1: 7C8285EC -> [ntdll + 275EC] ? KiFastSystemCallRet() + 0x0
# 2: 004FEE95 -> [tcl84t + 7DE95] _TclpGetDate() + 0x395
# 3: 77E64829 -> [kernel32 + 23829] ? GetModuleHandleA() + 0xDF
also tried it with all scripts off, but that doesnt matter
|
|
|
Thread Tools |
|
Display Modes |
Rate This Thread |
Linear Mode
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 10:55 AM.
|