Hello Folks @ 3000-l,
Re: FTPMON under 5.5 "password" parameter
--------------------------------------------------Paul Courry writes--
Please forgive me if I do not follow the nuances of James's complete
post, but the class I took in HP networking in 2000 very specifically
stated in the workbook that FTP most *definitely* executes logon
UDC's. As an aside, FTP and anonymous are user names that are
permitted and several special variables were created when FTP was
invoked by a user.
Could someone with the time and inclination set up a system-wide UDC
that would dump the showvar @ to a printer, then invoke FTP from their
PC or another machine and give us all a definitive answer?
----------------------------------------------------------------------
This is easy enough to test...
build a logon UDC for a user:
:newuser byebye;home=work;pass=gone
:print udc.work.sys
saybye
option logon,nobreak
bye
:setcatalog udc.work.sys;user=byebye.sys
and from a Telnet session... I log on as byebye.sys
MPE/iX:hello byebye.sys
ENTER ACCOUNT (SYS) PASSWORD:
ENTER USER (BYEBYE) PASSWORD:
HP3000 Release: C.65.00 User Version: C.65.00 SUN, JAN 7, 2001, 2:21 AM
MPE/iX HP31900 C.25.06 Copyright Hewlett-Packard 1987. All rights reserved.
This system is reserved for Network Expert Center use only!
Unauthorized use is prohibited by law and people with sticks.
CPU=1. Connect=1. SUN, JAN 7, 2001, 2:21 AM.
<Your 'TELNET' connection has terminated>
and as you can see the "option logon,nobreak" UDC performs the "bye" and
logs you off.
and now if I log on with FTP:
:ftp aleta
File Transfer Protocol [A0010A02] (C) Hewlett-Packard Co. 1990
220 HP ARPA FTP Server [A0010A02] (C) Hewlett-Packard Co. 1990
Connected to aleta (15.44.48.51). (FTPINFO 40)
Name(manager): byebye.sys
331 Password required for BYEBYE.SYS. Syntax: userpass,acctpass
Password:
230 User logged on
Remote system type is MPE/iX
200 TIMEOUT command ok.
ftp>
ftp> pwd
257-"/SYS/WORK" is the current directory.
257 "BYEBYE.SYS,WORK" is the current session.
ftp>
ftp> ls /SYS/WORK/UDC
200 PORT command ok.
150 File: LISTFILE /SYS/WORK/UDC,6 opened; data connection will be opened
/SYS/WORK/UDC
226 Transfer complete.
15 bytes received in 0.01 seconds (1.63 Kbytes/sec)
ftp> dir /SYS/WORK/UDC
200 PORT command ok.
150 File: LISTFILE /SYS/WORK/UDC,2 opened; data connection will be opened
PATH= /SYS/WORK/
CODE ------------LOGICAL RECORD----------- ----SPACE---- FILENAME
SIZE TYP EOF LIMIT R/B SECTORS #X MX
72B FA 3 3 3 16 1 1 UDC
226 Transfer complete.
225 bytes received in 0.01 seconds (14.65 Kbytes/sec)
ftp>
and as you can see I am not logged off; in fact I can perform commands,
and I can even delete this UDC file, which is not possible if you are
logged in and executing the UDC.
ftp> del /SYS/WORK/UDC
250 DELE file action successful.
and now if I log in again with my Telnet session:
MPE/iX:hello byebye.sys
ENTER ACCOUNT (SYS) PASSWORD:
ENTER USER (BYEBYE) PASSWORD:
NONEXISTENT PERMANENT FILE (FSERR 52)
Couldn't open UDC file "UDC.WORK.SYS". (CIERR 1923)
No user-level UDCs have been initialized. (CIWARN 1927)
This system is reserved for Network Expert Center use only!
Unauthorized use is prohibited by law and people with sticks.
:
for the test with UDC and variables... I coded my option logon UDC
to set a variable test and to showvar test and to showvar FTP@
dontsaybye
option logon,nobreak
setvar test 1
showvar test
showvar ftp@
and now if I log in again with my Telnet session:
MPE/iX:hello byebye.sys
ENTER ACCOUNT (SYS) PASSWORD:
ENTER USER (BYEBYE) PASSWORD:
HP3000 Release: C.65.00 User Version: C.65.00 SUN, JAN 7, 2001, 2:33 AM
MPE/iX HP31900 C.25.06 Copyright Hewlett-Packard 1987. All rights reserved.
This system is reserved for Network Expert Center use only!
Unauthorized use is prohibited by law and people with sticks.
TEST = 1
showvar ftp@
^
No match found for this variable set. (CIWARN 8116)
:
and in this case we find the OPTION LOGON UDC works and sets TEST=1, but
we also find out that the FTP variables are not set.
:ftp
File Transfer Protocol [A0010A02] (C) Hewlett-Packard Co. 1990
ftp> quit
:showvar ftp@
FTPLASTERR = 0
FTPXFERFILES = 0
FTPREQFILES = 0
FTPREPLACE = TRUE
by going into FTP we find out that the FTP variables are set internally
to the FTP/iX program and are not present on the system until the first
time FTP is run.
and now for the FTP test with a logon udc again...
ftp> :showvar test
showvar test
^
Variable not found in variable table. (CIERR 8106)
ftp> :showvar ftp@
FTPLASTERR = 0
FTPXFERFILES = 0
FTPREQFILES = 0
FTPREPLACE = TRUE
FTPLASTREPLY = 200 TIMEOUT command ok.
we again see the option logon,nobreak UDC is not executed by FTP, but
that the FTP variables are available since they are generated internally
to FTP/iX.
The FTP/iX and DSCOPY file transfer protocols do not execute UDC's when
logging on to a remote system. In the case of FTP/iX it could actually
be argued that this is as per RFC specification since the RFC's do not
specify a Terminal Emulator as part of the FTP protocol and in the case
of a LOGON UDC that generated output or requested input, a terminal
emulator of some sort would be necessary to intercept this i/o and
present it to FTP/iX in a message format that it could execute.
As per your side note: "As an aside, FTP and anonymous are user names
that are permitted". Yes, in the FTP code we translate a user logon of
'ftp' or 'anonymous' to 'USER.FTPGUEST' and do a chroot to /FTPGUEST/PUB.
I hope this helps clear up any confusion.
Regards,
James Hofmeister
Hewlett Packard
Worldwide Technology Network Expert Center
P.S. My Ideals are my own, not necessarily my employer's.
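
Added example, not part of the original post and not HP code: because an FTP logon skips the logon UDC, an account whose only confinement is an "option logon" UDC should be checked to see whether the FTP server accepts it. The sketch below does that check with Python's ftplib; the function names, the stub server and the credentials are constructed for illustration, and the password uses the "userpass,acctpass" syntax shown in the 331 reply above.

```python
import ftplib, socket, threading

def ftp_accepts_login(host, port, user, password, timeout=5.0):
    """True if the server answers USER/PASS with 230, False on a 5xx refusal."""
    ftp = ftplib.FTP(timeout=timeout)
    try:
        ftp.connect(host, port)
        ftp.login(user, password)        # raises error_perm on a 530 reply
        return True
    except ftplib.error_perm:
        return False
    finally:
        try:
            ftp.quit()
        except Exception:
            ftp.close()

def udc_only_accounts_reachable(host, port, creds):
    """creds: {user: password} for accounts confined only by a logon UDC."""
    return sorted(u for u, p in creds.items() if ftp_accepts_login(host, port, u, p))

def start_stub_server(accounts):
    """Constructed stand-in for an FTP server (login dialogue only); returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()
    def handle(conn):
        with conn, conn.makefile("r", encoding="latin-1") as rd:
            conn.sendall(b"220 stub FTP server\r\n")
            user = None
            for line in rd:
                cmd, _, arg = line.strip().partition(" ")
                if cmd.upper() == "USER":
                    user, reply = arg.upper(), "331 Password required"
                elif cmd.upper() == "PASS":
                    ok = user in accounts and accounts[user] == arg
                    reply = "230 User logged on" if ok else "530 Login incorrect"
                elif cmd.upper() == "QUIT":
                    reply = "221 Goodbye"
                else:
                    reply = "502 Command not implemented"
                conn.sendall((reply + "\r\n").encode())
                if cmd.upper() == "QUIT":
                    break
    def serve():
        while True:
            handle(srv.accept()[0])
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = start_stub_server({"BYEBYE.SYS": "userpw,acctpw"})   # constructed account
    print(udc_only_accounts_reachable("127.0.0.1", port, {"byebye.sys": "userpw,acctpw"}))
```

Any account this reports is reachable over FTP without its logon UDC ever running, so its restriction has to be enforced some other way.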