PATCH: FTP Fix! from Peter Stamfest on 2000-08-24 (www-lib@w3.org from July to September 2000)

From: Peter Stamfest <peter.stamfest@eunet.at>
Date: Thu, 24 Aug 2000 23:55:49 +0200 (CEST)
To: www-lib@w3.org
Message-ID: <Pine.LNX.4.21.0008242344040.1247-200000@peter.stamf.pr.at>

Hi, 

I have already posted two messages regarding the FTP/persistant connection
problem, that could lead to security problems and strange results...

Finally, I found that problem mentioned in the TODO list...

So I sat down today, and fixed it (at least sort-of)

Basically, what I did is to give protocols the possibility to check if a
HTCannel (or actually HTHost) is compatible with what the protocol wants
to do. This is a generic mechanism. For FTP, this mechnism stores the
username/password with the HTHost object. When trying to reuse an existing
connection, it is checked if the username/password match the one given
with the current request. The channel is only used if they match.

The attached patch is against the current CVS source. I would like to
discuss the techniques it uses, in order to find out if it fits into
libwww or not. It would be great if sombody could check what I did. 

Feedback about the content and quality of the patch is welcome. I would
like to improve this area in the future, until we can say that it really
works.

I would like to add some remarks I have written down while I worked on the
patch:

--------------------------------------------------------------------
Made Changes:

Key change in HTHost_new (which has become HTHost_new_with_check,
HTHost_new is still available, but it is a wrapper around
HTHost_new_with_check):

It is now possible that there are multiple connections to the same
host/port combination in the cache. This required me to move the host
selection mechanism into the cache lookup loop.

In addition to the host/port check done traditionally, a callback
function may be called to check if a HTHost object (or rather its
channel) is compatible with the intentions of the caller. Currently
this feature is only used by the FTP protocol to check the uid/passwd.

If this check fails, the cache lookup continues, as there might be
another (compatible) HTHost object in the cache.

Possible improvements:

* Maybe ftp_ctrl should be used as the HTHost related protocol information.

* Maybe the protocol context should be associated with the channel
  instead of with the host

* could/should we use the context instead of introducing the new
  protocolContext?

* The REIN/USER/PASS logic to change user over a FTP connection may be
  dropped (?)

* the ftp_protocol_context structure has hardcoded lengths in it -
  should be changed

Could somebody check if the changes I made to the code in HTHost_new
(now actually HTHost_new_with_check) are correct and that they are
compatible with the HTHost cache???
-----------------------------------------------------------------

peter

BTW: Could anybody informed tell me if it is still necessary to fill out
and mail the form in PATCHES.html?

-- 
Peter Stamfest                    UNIX, Networking & Computing Consultant
Tel: +43/699/20711205             Software Development
E-Mail: ps@psncc.at               WWW: http://www.psncc.at/
        peter.stamfest@eunet.at

Attachments

TEXT/PLAIN attachment: libwww-FTP-patch

Received on Thursday, 24 August 2000 17:58:00 UTC