AUTH TLS not recognised


David Vasseur

Jan 30, 2012, 5:16:10 PM
to AndreasLiebig
The AUTH TLS command is not recognised and when issued the server is
closing the connection.

Andreas Liebig

Jan 31, 2012, 3:17:54 AM
to andreasl...@googlegroups.com
Hello.

This is correct, the feature is currently not supported.
I will consider it for a future update.

Andreas

On Mon, Jan 30, 2012 at 23:16, David Vasseur <dvas...@excelcio.com> wrote:
> The AUTH TLS command is not recognised and when issued the server is
> closing the connection.

David Vasseur

Jan 31, 2012, 3:41:53 AM
to AndreasLiebig
In the meantime, could the server answer with a 500 (unrecognized
command) or even better a 502 (does not implement the security
extensions) code? I would really love to use this FTP Server, it's
the only one I found which is able to refresh the media library after
an FTP session!

Andreas Liebig

Feb 1, 2012, 10:26:46 AM
to andreasl...@googlegroups.com
I could add that in a minor release, yes.
I'll try to find some time to do it.

Andreas


tarantoga

Feb 5, 2012, 8:38:57 AM
to andreasl...@googlegroups.com
Same here: I can no longer connect using "nautilus" or "lftp" (but there is a workaround for lftp).

I don't think AUTH TLS is the main problem!

I did some tests:

1. lftp with default settings:
$ lftp -d ftp://tarantoga@galaxy:2121/
---- Connecting to galaxy (192.168.108.105) port 2121
<--- 220 aFTPServer ready (cwd is /)         
---> FEAT
<--- 530 - NOT Logged In                           
---> AUTH TLS
**** control-socket: Connection reset by peer

2. lftp without AUTH ("set ftp:ssl-allow off" in ~/.lftp/rc):
$ lftp -d ftp://tarantoga@galaxy:2121/
---- Connecting to galaxy (192.168.108.105) port 2121
<--- 220 aFTPServer ready (cwd is /)         
---> FEAT
<--- 530 - NOT Logged In                           
---> USER tarantoga
**** control-socket: Connection reset by peer

3. lftp without FEAT ("set ftp:use-feat off" in ~/.lftp/rc):
$ lftp -d ftp://tarantoga@galaxy:2121/
---- Connecting to galaxy (192.168.108.105) port 2121
<--- 220 aFTPServer ready (cwd is /)         
---> AUTH TLS
<--- 530 - NOT Logged In                          
---> USER tarantoga
**** Peer closed connection

4. lftp without AUTH and FEAT:
$ lftp -d ftp://tarantoga@galaxy:2121/
---- Connecting to galaxy (192.168.108.105) port 2121
<--- 220 aFTPServer ready (cwd is /)         
---> USER tarantoga
<--- 331 - Login as tarantoga OK. Send password   
---> PASS XXXX
<--- 230 - Password accepted
---> PWD
<--- 257 "/"
cd ok, cwd=/

OK, so lftp works by disabling AUTH and FEAT, but have a look at 1., 2. and 3.: lftp sends a command that FTPServer does not understand and the answer is always "530 - NOT Logged In" (IMHO that is not the correct response).
After the next command FTPServer always closes the connection, even if valid!

I did another test this time with netcat:
$ nc galaxy 2121
220 aFTPServer ready (cwd is /)
FEAT
530 - NOT Logged In
$
$ nc galaxy 2121
220 aFTPServer ready (cwd is /)
BADCOMMAND
530 - NOT Logged In
$
$ nc galaxy 2121
220 aFTPServer ready (cwd is /)
PWD
530 - NOT Logged In
$
 


This shows: if the first command is not USER, FTPServer throws a 530 and FTPServer closes the connection (which it should not!); the next command will never reach FTPServer.
Closing the connection takes some time and the client is able to send another command like AUTH or USER while FTPServer closes the connection; it looks like AUTH/USER/etc. is the problem, but it's not.

I also tried unrecognized commands after login: then I get a 500 without closing the connection (this is the expected behavior).

Conclusion: FTPServer should not close the connection if the client sends commands before login.

This must be a regression: I sync my music files using lftp and FTPServer quite often and this always worked without problems. Only recently it stopped working, so this behavior is new (last update?)

tarantoga



Andreas Liebig

Feb 5, 2012, 3:05:54 PM
to andreasl...@googlegroups.com
The problem is that as a fix for a security hole,
all commands require you to be logged in first.

I'll revisit this and allow certain commands to be executed without logging in (e.g. FEAT)

Andreas 


tarantoga

Feb 6, 2012, 8:53:05 AM
to andreasl...@googlegroups.com
It's OK that all commands require a login, but do you really need to close the connection?

(I'm not sure if the 530 reply is allowed for all commands, but the error number is not the main issue here; closing the control connection, however, is a real show stopper for some clients.)

tarantoga

Andreas Liebig

Feb 6, 2012, 5:51:53 PM
to andreasl...@googlegroups.com
Hello!
Should be solved in 1.10.3.
It was a side effect of the security fix 1.10.2.

Sorry for the inconvenience.
Future versions will distinguish between commands that are allowed
without logging in and those that need a prior log in.

Andreas
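
The pre-login handling discussed in this thread, as an added example that is not aFTPServer's code: only an allowlist of verbs is answered before login, everything else gets an error reply, and the control connection stays open in every case except QUIT. The class and function names, the allowlist, the reply texts and the sample account are assumptions made for illustration.

```python
import hmac

# Assumed policy: only these verbs are answered before login.
PRE_LOGIN = {"USER", "PASS", "FEAT", "AUTH", "QUIT"}
KNOWN = PRE_LOGIN | {"PWD", "CWD", "LIST", "RETR", "STOR"}
FIXED = {"FEAT": "211 No features", "PWD": '257 "/"',
         "AUTH": "502 Security extensions not implemented"}  # no TLS here
# Constructed input: lftp's default command order from test 1 in the thread.
LFTP_DEFAULT = ["FEAT", "AUTH TLS", "USER tarantoga", "PASS XXXX", "PWD"]

class ControlSession:
    """One FTP control connection; handle() returns (reply, keep_open)."""
    def __init__(self, accounts):
        self.accounts = accounts      # {user: password}, constructed sample
        self.pending_user, self.logged_in = None, False

    def handle(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb not in KNOWN:
            return "500 Command not recognized", True
        if verb not in PRE_LOGIN and not self.logged_in:
            # The login requirement stays; the connection is not dropped.
            return "530 Not logged in", True
        if verb == "QUIT":
            return "221 Goodbye", False
        if verb in FIXED:
            return FIXED[verb], True
        if verb == "USER":
            self.pending_user, self.logged_in = arg, False
            return "331 Send password", True
        if verb == "PASS":
            if self.pending_user is None:
                return "503 Login with USER first", True
            expected = self.accounts.get(self.pending_user, "")
            # Unknown users have no password, so they can never match.
            ok = bool(expected) and hmac.compare_digest(arg.encode(), expected.encode())
            self.logged_in, self.pending_user = ok, None
            return ("230 Logged in" if ok else "530 Login incorrect"), True
        return "502 Command not implemented", True  # known verb, not in sketch

def replay(commands, accounts):
    """Feed commands in order; stop where the server would close the socket."""
    session, replies = ControlSession(accounts), []
    for line in commands:
        reply, keep_open = session.handle(line)
        replies.append(reply)
        if not keep_open:
            break
    return replies
```

Replaying `LFTP_DEFAULT` against this handler yields one reply per command, so a client that probes with FEAT and AUTH TLS first can still fall back to a plain USER/PASS login.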


tarantoga

Feb 7, 2012, 5:37:26 AM
to andreasl...@googlegroups.com
Just did a quick test: nautilus and lftp can connect to FTPServer 1.10.3 without problems.

Thank you very much for the fix!

tarantoga

Andreas Liebig

Feb 7, 2012, 7:56:20 AM
to andreasl...@googlegroups.com
You are welcome, and thank you for the confirmation!

