IP checking poll

[EwarWoo]

Just a quick straw poll to see how many people consider IP checking an important compnent of your FTP usage.
In relation to this thread:
http://www.inicom.net/forum/showthread.php?t=15198

Edit:// I would vote Essential but for some reason wont let me vote or view results on the poll I posted, so whatever the results let me know and add 1 on there

[whocarez2k5]

Essential!

Can't vote either:
Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

Some account settings are not fixed i guess, also can't get on the ioFTPD Registered Members Only section

But back on topic i would say Essential.
Because after reading topic i agree with al the staments that are said about this future.
I must say that i'm not a guru ioFTPD user just playing with it for a couple of days now but i think this future is a must and is in my opinion more secure.
easy to fake IP or not in combo with cert you got the most secure server there is i think, so use them both! (if possible?)
And for the IP storage for that function (dunno if that happends but must be a logical thought) i'm sure there is a way to encrypt that

[foxmaster]

foxmaster, you do not have permission to access this page. This could be due to one of several reasons:

this is what I get ????

[darkone]

Quote:

Originally Posted by EwarWoo

Just a quick straw poll to see how many people consider IP checking an important compnent of your FTP usage.
In relation to this thread:
http://www.inicom.net/forum/showthread.php?t=15198

Edit:// I would vote Essential but for some reason wont let me vote or view results on the poll I posted, so whatever the results let me know and add 1 on there

This is rather pointless. How many times do I need to state, that this is something that can be scripted (there is absolutely no reason to have it hardcoded). Also, at the moment it looks like that none of the SITE commands will be hardcoded because of:

a) Use of (LUA) scripted command has neglible implication on general server performance.
b) Eventually most (all?) commands are likely to be scripted. There will be hardcoded helper functions for LUA that can be used to improve performance.
c) Io resolves client's hostname, and places it to client environment - only task left to do, is to go through list of ips stored in user/group contexts'.

pseudo-code USER command:

Code:

client = current_client();
if (is_logged_in(client)) {
  echo("530 Already logged in.");
  return;
}
user_name = get_arg_string(1, STR_END);
if (set_env(client, "UserName", user_name)) {
  echo("331 Password required for " + str(user_name));
} else {
  echo("530 Error:" + strerror(get_last_error()));
}

pseudo-code PASS command:

Code:

client = current_client();
if (is_logged_in(client)) {
  echo("530 Already logged in.");
  return;
}
user_name = get_env(client, "UserName");
if (! user_name) {
  echo("530 Use USER to login.");
  return;
}

uid = get_uid(user_name);
if (uid == INVALID_ID) {
  echo("530 Error:" + strerror(get_last_error()));
  return;
}
user = load_user(uid);
if (! user) {
  echo("530 Error:" + strerror(get_last_error()));
  return;
}
// ip-check
row_id = get_row_id(user, "Ip");
ip_cnt = get_row_count(user, row_id);
if (ip_cnt > 0) {
  match = false;
  client_host = get_env(client, "Hostname");
  client_ip = get_env(client, "Ip");
  while (ip_cnt--) {
    tmp_str = get_column_value(user, row_id, ip_cnt, 0);
    if (! str_match(client_host, tmp_str) ||
        ! str_match(client_ip, tmp_str)) {
      match = true;
      break;
    }
  }
  if (! match) {
    echo("530 Invalid username/password.");
    return;
  }
}

if (login_client(client, user, get_arg_string(1, STR_END))) {
  echo("230 Login successful.");
} else {
  echo("530 Error:" + strerror(get_last_error()));
}

[Grendel]

Quote:

Originally Posted by foxmaster

foxmaster, you do not have permission to access this page. This could be due to one of several reasons:

this is what I get ????

same for me
and I cannot post anything in
"ioFTPD Registered Members Only" Sektion too
i got same message.

[Linkster]

ok, i'll work on the permissions today...i think its fixed for now, but let me know if you run into anything else.

[JoC]

Got this when i tried to vote, so seems the error still is there.

Code:

JoC, you do not have permission to access this page. This could be due to one of several reasons:

Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system? 
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

[Linkster]

whoa, that is weird. all the permissions looked good, so I tried to vote myself...it allowed it, but took me to an archived poll for some reason.. The arechive is locked down, which might be causing the poll posting problem. I'll look into this further.

[tuff]

Scripters are here cause most of us actually enjoy scripting, this doesnt mean that we should be taken advantage of, and used to script everything that isnt seen fit to be included as a core component. We arent the ones being paid, and it seems very unfair that everytime something is requested, its always the `this can be scripted` standard reply

on another note, there is still problems with this page, most people cant vote, and even less can view the poll results

this thread is topic`d in #ioFTPD on efnet, where the whiners hang out

[darkone]

We're now talking less than 20lines of code :I Ihmo. this is getting really ridiculous - I simply don't want IP table to default database structure. And no, I don't like idea of having config option for it either.. so it'll be a script, and it will most likely come with default installation (disabled by default). I might even implement user credits using script - can't really see any reason not to do so

Ps. I could have implemented the function in time it took to write this post, but I still didn't.

[Mr_X]

I can't vote to this poll but I think IP checking is essential.
Just another question: I'm registered but I don't know where to add this information in my CP.

[Jog]

I can't vote to this poll but I think IP checking is essential. .. too

[Nicknet]

very sad for this decision..i want ip checking in core and not in script..

[Linkster]

Ok, everyone should be able to vote on this poll now. It was crosslinked with another thread in the archive. Apparently, polls didn't come over in the conversion. All old polls have been removed for now.

[darkone]

This is really ridiculous. You need to understand that I'm trying to make ioftpd completely script driven instead of having N hardcoded features. Even certificate based authentication will be eventually handled by scripts - perhaps not in 1.0, but later on when I can focus on adding new lua functions. Finally there is virtually no difference between operation performed by LUA script and operation performed C-function. Though, you can't modify hardcoded code path without disassembling the source - which is illegal.

If someone comes up with sane explanation why it should be hardcoded, I will make it so. But so far I've only heard arguments of which none is based on truth:

1) IP-check is part of File Transfer Protocol: it isn't.
2) Scripts are not as reliable: higher level programming languages are more reliable.
3) Scripts are slow: read about LUA.
4) Why did you remove it in first place: 1.0 is complete rewrite, it wasn't there to be removed in the first place.
5) Config option: ihmo default configuration should be minimal and provide basic functionality. Adding dozens of config options that of 90% are obsolete to most, is not something I would ever even consider.
5) If it is so easy to add, why not to: It has much to do with default database structure. I don't think IP table is something, that should be mandatory.

I think I'm through with this subject.. prepare to install script