You can limit the machines that can access your site by restricting access to certain IP ranges. Because this would be very messy to do in a sensible user interface, the only way to set these restrictions is by using ResEdit. From ResEdit, create a STR# resource (in either the FTPd Preferences file or FTPd; the former overrides the latter), give it an id in the range of 600-699, and a name ending in one of:
"<username> Site Restriction" where <username> is the user you are restricting.
"Owner Site Restriction" to restrict the owner.
"User Site Restriction" to restrict any unspecified user.
"Anonymous Site Restriction" to restrict anonymous logins.
"Default Site Restriction" to restrict anyone not specified above.
FTPd checks them in that order (for gopher restrictions, it checks Anonymous Site Restriction or Default Site Restriction). Each resource consists of a sequence of pairs (IP number, IP mask), both in dotted decimal format (e.g. 134.7.70.70). The remote IP is checked against the IP number, with only the bits in the mask being relevant. If it matches, the user is allowed access. If it matches but the IP string started with an exclamation mark, access is disallowed. The last match overrides previous ones, and if there are no matches then access is denied.
By default, FTPd has a single "Default Site Restriction" STR# resource, which contains 0.0.0.0, 0.0.0.0, so access is allowed from anywhere.
Here are some examples. First, if you just wanted to restrict anonymous logins to inside 134.7, with no restriction on everyone else, you would create two STR# resources, either in FTPd Preferences (which is checked first) or FTPd, like this:
"Anonymous Site Restriction": 134.7.0.0,255.255.0.0
You don't need to create the "Default Site Restriction", because it already exists in FTPd. If you wish to override the default, either change it in FTPd or add a "Default Site Restriction" to FTPd Preferences.
OK, and a more complicated one: say you wanted anonymous access from everywhere inside 134.7 except 134.7.70.70, user access from everywhere inside 134.7 and 130.95, and user "Fred" and the owner access from everywhere. Do this:
"Anonymous Site Restriction": 134.7.0.0,255.255.0.0, !134.7.70.70,255.255.255.255
"User Site Restriction": 134.7.0.0,255.255.0.0, 130.95.0.0,255.255.0.0
"Owner Site Restriction": 0.0.0.0,0.0.0.0
"Fred Site Restriction": 0.0.0.0,0.0.0.0
Note: These restrictions apply only to the control connection, not the data transfer connections, so it is still possible to use proxy-ftp to transfer files directly to a restricted machine, but the user must be connected from an allowed site.
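The matching rules and the second configuration above, modelled as an added example (this is not FTPd's own code). It assumes the resources are written as the comma-separated text shown above and that the first resource name found in the documented order is the only one consulted; the dictionary, the function names and the user "alice" are hypothetical.

```python
import ipaddress

# The second example above plus the built-in default, held in a dict keyed by
# resource name (constructed stand-in for the STR# resources).
RESOURCES = {
    "Anonymous Site Restriction": "134.7.0.0,255.255.0.0, !134.7.70.70,255.255.255.255",
    "User Site Restriction": "134.7.0.0,255.255.0.0, 130.95.0.0,255.255.0.0",
    "Owner Site Restriction": "0.0.0.0,0.0.0.0",
    "Fred Site Restriction": "0.0.0.0,0.0.0.0",
    "Default Site Restriction": "0.0.0.0,0.0.0.0",
}
# Same two pairs as the anonymous rule, but with the deny entry listed first.
REORDERED = "!134.7.70.70,255.255.255.255, 134.7.0.0,255.255.0.0"

def parse_restriction(text):
    """Parse 'ip,mask, ip,mask, ...' into (ip, mask, allow) integer triples."""
    fields = [f.strip() for f in text.split(",")]
    if len(fields) % 2:
        raise ValueError("entries must come in ip,mask pairs")
    rules = []
    for ip_s, mask_s in zip(fields[0::2], fields[1::2]):
        allow = not ip_s.startswith("!")  # a leading '!' marks a deny entry
        ip = int(ipaddress.IPv4Address(ip_s.lstrip("!")))
        mask = int(ipaddress.IPv4Address(mask_s))
        rules.append((ip, mask, allow))
    return rules

def is_allowed(rules, remote):
    """The last matching pair decides; no match at all means denied."""
    addr = int(ipaddress.IPv4Address(remote))
    verdict = False
    for ip, mask, allow in rules:
        if (addr & mask) == (ip & mask):  # only the mask bits are compared
            verdict = allow
    return verdict

def pick_resource(resources, username, kind):
    """kind is 'Owner', 'User' or 'Anonymous'.
    Assumption: the first name that exists, in the documented order, is used."""
    for name in (f"{username} Site Restriction",
                 f"{kind} Site Restriction",
                 "Default Site Restriction"):
        if name in resources:
            return name
    return None

def check_login(resources, username, kind, remote):
    """Decide whether a control connection from `remote` may log in."""
    name = pick_resource(resources, username, kind)
    if name is None:
        return False
    return is_allowed(parse_restriction(resources[name]), remote)

if __name__ == "__main__":
    for who, kind, ip in [("anonymous", "Anonymous", "134.7.70.70"),
                          ("alice", "User", "130.95.1.1"),
                          ("Fred", "User", "10.0.0.1")]:
        print(who, ip, check_login(RESOURCES, who, kind, ip))
    # Deny entry placed before the broad allow: the later allow overrides it.
    print(is_allowed(parse_restriction(REORDERED), "134.7.70.70"))
```

Because the last match wins, a "!" entry only takes effect when it comes after the broader allow it is meant to carve out of, as the reordered rule shows.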
Warranty
This program should do what I've described in this document. If it doesn't, you can simply stop using it. If you pay me, and within a year find that it doesn't do what I describe here, then you can notify me and I will refund your money and cancel your license.
Fine Print
Peter Lewis hereby disclaims all warranties relating to this software, whether express or implied, including without limitation any implied warranties of merchantability or fitness for a particular purpose. Peter Lewis will not be liable for any special, incidental, consequential, indirect or similar damages due to loss of data or any other reason, even if Peter Lewis or an agent of his has been advised of the possibility of such damages. In no event shall Peter Lewis be liable for any damages, regardless of the form of the claim. The person using the software bears all risk as to the quality and performance of the software.
US Government:
Government End Users: If you are acquiring the Software and fonts
on behalf of any unit or agency of the United States Government, the
following provisions apply. The Government agrees:
(i) if the Software and fonts are supplied to the Department of
Defense (DoD), the Software and fonts are classified as "Commercial
Computer Software" and the Government is acquiring only "restricted rights"
in the Software, its documentation and fonts as that term is defined in
Clause 252.227-7013(c)(1) of the DFARS; and
(ii) if the Software and fonts are supplied to any unit or agency
of the United States Government other than DoD, the Government's rights in
the Software, its documentation and fonts will be as defined in Clause
52.227-19(c)(2) of the FAR or, in the case of NASA, in Clause
18-52.227-86(d) of the NASA Supplement to the FAR.
Acknowledgements
Thanks to RobT for suggesting the idea, to Quinn for demanding the use of System 7 U&G, and to Jager for figuring out how! Thanks to Quinn (again :) for the amazing icons and to Greg for colouring them in. And special thanks again to Jager and Quinn for figuring out my async problems! And, of course, thanks to Stuart for delaying the release of this program for ages by making LOTS of suggestions, finding LOTS of bugs, and by writing Bolo! Thanks also to the UCC, Todd, Steve, c.s.m.p, archie.au, ftp.apple.com, Farhad, Tom, Andr'e, Aron, Ben, David, Gregory, Guy, Igor, Jim, John, Ken, Leonard, Frederic, Pete, Peter, Richard (who won the award for the most mail messages (after Quinn)), Rob, Russell, Thede, Tom, Zep, and anyone who uses FTPd!
I can't describe how important the beta testers have been in making FTPd what it is, without them FTPd would not be a shadow of what it is now. So special thanks go to all of you who made suggestions or pointed out problems. I tried to list you all, but I gave up, there are just too many. Some of you made so many suggestions I couldn't count them all. Some of you analysed the network packets to find out what was happening and explained where I was going wrong. Some decompiled my code and sent it back to me with corrections. Some made suggestions that involved tiny changes with great benefits. Some made outrageous demands which I refused to do, and others outrageous demands which I eventually did. All of these would have been missing if I was working on my own. Thanks.
Thanks also to Mike Marburger for the closing sound.
How It Works
FTPd listens for TCP connections on port 21. When a connection is achieved, it waits for commands to be sent to it. Commands all have a simple form: there is a 3 or 4 character command (e.g. RETR for retrieve file), and some parameters (e.g. filename). FTPd interprets these commands, carries out their actions, and replies with a one line message, the first three characters of which are a 3 digit reply that can be interpreted by the FTP client; the rest is human readable information. The reply codes are 1yz for preliminary success (action started), 2yz for complete success (action finished successfully), 3yz for intermediate success (requires another command before any action is taken), 4yz for temporary failure (try again later), and 5yz for permanent failure (give up and go home). For more information on the formats of these commands see the various FTP related RFCs. Some commands may reply with a multiline response, in which the first line begins with a three digit response code followed by a dash "-", followed by several lines of text, and terminated by a line with the same response code and a space followed by some text. This confuses some servers; you can disable this feature by starting your username or password with a dash "-".
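A reader for the reply format described above, including the multiline form, as an added example (not FTPd's code). The sample session is constructed and the function and constant names are hypothetical.

```python
import re

# Reply classes as listed above, keyed by the first digit of the code.
REPLY_CLASSES = {
    "1": "preliminary success",
    "2": "complete success",
    "3": "intermediate success",
    "4": "temporary failure",
    "5": "permanent failure",
}
_FIRST_LINE = re.compile(r"^([1-5]\d\d)([ -])(.*)$")

# Constructed control-connection output: three replies, the second multiline.
SAMPLE_SESSION = [
    "220 FTPd ready\r\n",
    "230-Welcome\r\n",
    "226 is not the end here\r\n",
    " plain text line\r\n",
    "230 Logged in\r\n",
    "550 No such file\r\n",
]

def read_reply(line_iter):
    """Consume exactly one reply from an iterator of lines.

    Returns (code, reply_class, text_lines). A multiline reply starts with
    'NNN-' and ends only at a line starting with the same 'NNN '.
    """
    first = next(line_iter).rstrip("\r\n")
    m = _FIRST_LINE.match(first)
    if not m:
        raise ValueError("not an FTP reply line: %r" % first)
    code, sep, text = m.groups()
    body = [text]
    if sep == "-":
        for raw in line_iter:
            line = raw.rstrip("\r\n")
            if line.startswith(code + " "):
                body.append(line[4:])  # terminating line: same code, then a space
                break
            # Continuation text; a different code here does not end the reply.
            body.append(line[4:] if line.startswith(code + "-") else line)
        else:
            raise ValueError("multiline reply %s was never terminated" % code)
    return int(code), REPLY_CLASSES[code[0]], body

def read_all(lines):
    """Split a captured session into its individual replies."""
    it = iter(lines)
    replies = []
    while True:
        try:
            replies.append(read_reply(it))
        except StopIteration:
            return replies

if __name__ == "__main__":
    for reply in read_all(SAMPLE_SESSION):
        print(reply)
```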
FTPd also listens to port 70 for gopher connections. It then accepts a single line specifying either a folder, file, or index, and returns the info for it. The gopher server logs in as an AppleShare guest user, so guest access must be enabled (it was either that, or FTPd would have to know a user password, which I wanted to avoid). The root of the gopher tree is specified by the login directory for fake user "Gopher" (it defaults to /). This root is enforced, so you can't have aliases pointing to folders outside this area (well, you can, but it won't work very well) (aliases to files outside the area work). You can reduce this restriction with the "GopherRoot" user directory, but that will allow anyone knowledgeable in the gopher protocol to get at any file inside that root.
FTPd talks to the file system on the local Mac (and other servers) exclusively by using the same protocols as if it were accessing an AppleShare server (the single exception is the startup messages, which are read via normal file system calls). The user logs in by giving a user name and password. This in turn is passed to the System 7 server (or AppleShare server) and an attempt is made to log in to the server. If the login fails, an attempt is made to log in as a guest user. If either attempt succeeds, the volume is made available to the user. If the user tries to log in as either the owner or a user, they must successfully (non-anonymously) log in to at least one local volume or the whole connection is disallowed. Since all file system access is done through the AppleShare protocols, it should be virtually impossible to circumvent their protections. You should set up your system in such a way that irrespective of the privileges in FTPd Setup (which are not guaranteed in any way!) the user cannot do too much damage. Thus users and guests should only have write privileges to areas of your file system that you wish them to be able to trash.
Version History
2.4.0d5
~Use %20 if a file name starts or ends with a space
~Added a preference for None, Speak, Play Sound connection notification.
~Fixed a problem with freezes during login
~Fixed? a problem with ABORting the connection.
2.4.0d3
~Universal Interfaces - ouch.
~Summary window.
~don't swallow returns in the Initial Command field.
~Use %FF for unprintables in paths. Accept %FF or =FF.
~geneva 9 log window
~warnings on ASCII/dataforkonly transfers of files that require Binary/resources
2.4.0d2
~STR# 180 maps file types to gopher types
~support gopher type "-" (ignore)
~Hide the "!Gopher Links" file
~Internet Config support
~Use only english months, otherwise it confuses clients like Anarchie
~speak text doesn't work?
~listing a directory with no files gives an error.
~file sharing disabled error instead of -1025.
~SIZE blib returns garbage instead of an error
2.3.0d10
Added SITE V statistics
Added "I Paid" flag
Changed from // to =3D and =2F encoding (MIME-like)
Limit SITE INDEX to 1000 entries
Fixed evil evil crashing bug
Fixed SMNT problems
2.3.0d1
Vastly simplified FTPd Setup
Removed 200 file limit of searches and directory listings
Much improved transfer speeds in most cases
Complete rewrite of the login code
Complete rewrite of the AFP code
Async IO for all transfers
2.2.1d1
~FTPd Setup Gopher Listing could crash.
~Read the prefs file only when the mod date changed
~!Gopher Links file inside an alias to a folder didn't work
2.2.0d1
~Use port 20 for Active data connections, should improve behaviour with firewalls
~Attempt to support A/UX's lack of mtcp gestalt selector
~Support append (APPE) command
~Support for the SIZE command (but it's approximate!)
~Put FTP and gopher port (21&70) into STR# resources
2.1.1d4
~Added option to display file size in gopher listings
~Added support for TextToSpeech manager
~Fixed gopher error message
~Fixed bug that stopped gopher type changes from being saved
~added "safeget" feature to simplify prefs management
~Added CautionAlert for Server and Far Server privs
2.1.1d3
~Handle the virtual "." directory (for current directory)
~Fixed FillWindow to work with small log files.
~Fixed JPEG and GIF gopher display
~added handling for LIST *.hqx, so mget *.hqx works.
2.1.0d3
~Improved security, users and owner MUST log in to at least one local volume.
~Fixed SMNT and SITE commands to allow slashes
~Minor change to balloon help
~Fixed ":" option in Prefs window (wasn't being saved)
2.1.0d2
~Gopher window add link etc selects item
~Notification sound for connections.
~Option to hide log window when in the background.
~GIF,JPEG support?
~Way to specify the host name for this Mac.
~gopher remote telnet
~Implement the Security window to give control over what commands are allowed
~If you open preferences (in this case the default use logon path), and make a change eg the default path, then click "Cancel" the change is applied anyway.
2.1.0d1
~support SITE A QUIT <creator>, SITE A OAPP <creator>, and SITE A LIST.
~added -t option to listings to display the type/creator of files.
~button for Edit Attributes - double click should not be required
~option-double clicking Folders opens a new Gopher Listing Window.
~support SMNT Volume:Server[@Zone][:username[:password]] - mount a volume.
~Sort the gopher directory.
~TurboGopher+1.6 sends "<tab>+" invalid line to FTPd? - accept and ignore it
~Debilitating Gopher bug that leaves all the files/folders inaccessible.
~Doesn't notice enabling gopher without restarting FTPd.
~No balloon help for Add index Entry.
~Retry count balloon help and static text messages differ.
~Drop folders don't have the x bit set.
~PASV command doesn't work with proxy ftp?
~FTPd doesn't notice changes to the translation prefs unless restarted.
~Fixed some capitalizations in the various FTPd Setup windows.
2.0.1 Fourth release (1 day later!)
~Fixed a bug in FTPd Setup that could eat users' files.
2.0.0 Third release
2.0.0d17
~FTPd Setup, Gopher Listing needs to recognize Aliases to folders.
~Fixed a glitch with listing a folder with a single folder in it
~Changed the log strings a bit to allow easier parsing.
2.0.0d14
~Send "Transfer Finished" after last send in Send Format (might speed up the close)
~Long TCP close time after file transfer?
~Disabled some DebugStrs that probably shouldn't have been there.
~Reduce the size of Get and List connections
the combination of those three caused these crashes:
~File transfer crashes - Scott Gruby
~Listing crashes - John Norstad
~Fixed a bug that caused alias resolution to fail (forgot to initialize the path, oops)
~Added GopherRoot user to allow aliases to point outside the Gopher tree.
~Link files owned by FTPd Setup, double clicking them opens Gopher Listing.
~Don't add .hqx to the end of folder aliases
~SetPort to stop List Clicks in Gopher Listing from failing (maybe)
2.0.0d10
~Long TCP close time after file transfer - might help.
~Alias support - it's impossible, but do it anyway.
~Option to disable .hqx in gopher listings
~Preference for ignoring /
~Need to do reverse name lookup for name
~Don't list folders the user can't access
~Extend close timeout from 20 seconds to 2 minutes - THANKS JOHN!!!!!
2.0.0d8
~archie-like index support
~SITE INDEX as a synonym for SITE F
~Only log in to volumes you can access (Gopher and FTP)
~Gopher logging
~editable type field
~Gopher links not read by gopher listing?
~Support user directory for user "gopher" to set the gopher root
~Handle Revert on user directory listing properly
2.0.0d7
~Gopher UI for defining links and renaming files
~Enable/Disable FTPd/Gopher independently
2.0.0d6
~Support Scrambled&Two-way passwords.
2.0.0d5
~Fixed an annoying bug that caused the server to occasionally lock connections up.
(if it got more than 10 events in a row, it lost the last one!)
~Run in either foreground or background depending on the SIZE=-1 backgroundonly bit
~Foreground log window
2.0.0d2
~IP restrictions (as for ftp, but username gopher, userkind Guest).
~Fixed a bug that could give spurious errors during MacBinary receives.
2.0.0d1
~Initial gopherd implementation
1.2.0d3
~A way of setting folder privs
1.2.0d2
~Support options to NLST and LIST -CspFl (cols, size in k, dir/, long)
~A way of changing passwords.
1.2.0d1
~Handle changing from EtherTalk <-> Localtalk network connections.
1.1.0 - Second official release
1.1.0d10
~Fixed a async crash bug
~Display the transfer size in "get" commands.
~Use Fetch Preferences' suffix mappings to set the type/creator on binary put's.
1.1.0d8
~More than 100 files in a directory. - now 200.
~Transfer speed - via transfer buffer sizes - buffer sizes were increased 2.5 times
~Access to files with a / in their name by doubling the /
~Notice write protected folders and refuse the STOR etc commands immediately
~Drop folder writes don't work.
~ISO character translation on file names and TEXT files
~Added Remote Site Restrictions
~Fixed a bug that caused problems if there was more than 20 servers in your zone
~Changed "Add .hqx" to not add .hqx for TEXT files
~Fixed an address error crash on 68000 machines
~Fixed a ReleaseResource/DisposHandle bug
~Fixed a bug with GetMHandle and PopupMenus (well, Apple fixed a bug which broke my code, so I fixed my code, hope it doesn't break Apple's! :-)
Think about it - all the following happened before FTPd was even released to the public:
1.0.9 - First Official Release
~Added Balloon Help to FTPd Setup
1.0.9b
~Changed to use a limited number of async logins to avoid problems with XPP
~Locks up looking for a server - added timeout and fixed a bug.
~Fixed a security loophole - disabling all access to users and guest didn't always.
~Added support for ls -F
~An option to add ".hqx" to the end of all file names in all listings.
~Removed the distinction between Local and Shared Points (whatever it was before :)
1.0.8b
~Added logging of login failures.
~Added the number of volumes to the login message.
~Send a sensible message when file sharing is not active.
~Fixed a bug with SITE F which locked up if it found >100 files.
~Fixed an evil evil bug with Async logins.
~Changed lists unit to be ptr based instead of handle based.
~Closed the volumes before logging out so the Finder updates the little heads correctly.
1.0.7b
~Fixed a bug that caused problems if the Start or Folder Info files were too big.
~Improved Server logins, it should now not freeze your Mac and should be faster to log in, though still very slow.
~Fixed a bug that made FTPd miss the start of binhex files.
~Changed SITE X to SITE Q.
~Added help on SITE ? commands: remotehelp "site f" for example...
1.0.6b
~Fixed an annoying NBP lookup bug.
~Translate 8 bit to 7 bit characters when sending ascii files.
~Added command SITE F <filename> to return all the matching filenames.
~Fixed a bug that might speed up RETRieves a bit (and was very stupid!)
~Added username to all log entries (get, put, del, etc)
~Added primitive AE support to FTPd Setup
1.0.5b
~Added a checkbox to disable the log file (and disable it by default)
~Restructure the files/folders used by FTPd. There is now a folder called "FTPd Preferences ƒ" in the Preferences folder that contains the FTPd Preferences file, the FTPd Log file, and optionally the Startup Messages folder (which can also reside in FTPd's folder).
~Name Startup Message file is displayed to user Name on login.
~Start the messages on the NNN- line (so NNN-first line of file).
~Fixed it so that file names that start with a space are handled correctly.
~Changed it so that Thingy Startup & !Folder Info are both returned at startup.
~Fix a bug with the time stamps in MacBinary files.
1.0.4b
~Far servers
~Improved error reporting.
~Fix a bug that caused retrieves to fail.
1.0.3b
~Honour invisible files.
~Maximum of 48 files listed (4k limit I expect). Should be maximum of 100 (or more even?).
~Include GetInfo comments in MacBinary transfer.
~User definable text displayed on startup and dir entry?
~Maximum number of users.
~Idle time out setting.
~User time restrictions? Support "only after X, or before Y" time restriction.
1.0.2b
~terminate the connection after five minutes or three failed logins.
~Support logins only when mac is idle.
~Support copy_inhibit.
~Fix up CRC calculation in MacBinary code.
~MacBinary and/or BinHex still broken - think I've got all the bugs out.