mod_ftp "named virtual hosts"?

["William A. Rowe, Jr." <wr...@rowe-clan.net>]

I've given some thought to the desire for mod_ftp to support different
host contexts, and came up with this...

What about modifying mod_ftp USER directive to accept username in the
format of user@host, and tokenize user as the username, host as the
http-ish Host: virtual host name?  If this feature were enabled,
'USER user' would simply be rejected.

Thoughts?

Re: mod_ftp "named virtual hosts"?

[Jorge Schrauwen <jo...@gmail.com>]

Oh didn't catch that i was scanning through the documentation with
"cat" on a ssh session from a PDA when I wrote this.

I'll look into this since that might be of use for me already then.

On 4/13/07, William A. Rowe, Jr. <wr...@rowe-clan.net> wrote:
> You can do this today using FTPJailUser.
>
> Trying to take this one step deeper into the vhost concept and vhost
> specific permissions, though.
>
> Jorge Schrauwen wrote:
> > Alternatively a different auth module could read and extra field that
> > point the user to a different root directory.
> >
> > sjorge ==> /server/host/www.blackdot.be
> > wrowe ==> /server/host/apache.org
> > ...
> >
> > this way the user name would be free of @'s :)
> >
> > Downside would be:
> > 1. multiple domains can't have the same user account
> > 2. a new auth module/provider (2.2.X has me confused on the split up
> > auth module system) so that and extra field is stored that holds the
> > domain name which will point it to the correct vhost.
> > Maybe the comment field can be used for storing this?
> >
> >
>
>


-- 
~Jorge

Re: mod_ftp "named virtual hosts"?

["William A. Rowe, Jr." <wr...@rowe-clan.net>]

You can do this today using FTPJailUser.

Trying to take this one step deeper into the vhost concept and vhost
specific permissions, though.

Jorge Schrauwen wrote:
> Alternatively a different auth module could read and extra field that
> point the user to a different root directory.
> 
> sjorge ==> /server/host/www.blackdot.be
> wrowe ==> /server/host/apache.org
> ...
> 
> this way the user name would be free of @'s :)
> 
> Downside would be:
> 1. multiple domains can't have the same user account
> 2. a new auth module/provider (2.2.X has me confused on the split up
> auth module system) so that and extra field is stored that holds the
> domain name which will point it to the correct vhost.
> Maybe the comment field can be used for storing this?
> 
> 

Re: mod_ftp "named virtual hosts"?

[Jorge Schrauwen <jo...@gmail.com>]

Alternatively a different auth module could read and extra field that
point the user to a different root directory.

sjorge ==> /server/host/www.blackdot.be
wrowe ==> /server/host/apache.org
...

this way the user name would be free of @'s :)

Downside would be:
1. multiple domains can't have the same user account
2. a new auth module/provider (2.2.X has me confused on the split up
auth module system) so that and extra field is stored that holds the
domain name which will point it to the correct vhost.
Maybe the comment field can be used for storing this?

Re: mod_ftp "named virtual hosts"?

["William A. Rowe, Jr." <wr...@rowe-clan.net>]

Henrik Nordstrom wrote:
> 
>> So if, for example, the admin wanted to define & as the alternative
>> separator, ftp://me&myhost:pass@myhost/ would be a little less ambiguous
>> to browser-style schemas.
> 
> Sounds reasonable. Except that it's quite impractical to use in HTML
> coding and very many applications (and users) rendering data into HTML
> will get it wrong..

You (the admin) would elect the alternate separator.

> Note: how most browser user agents implements the ftp:// URI scheme in
> general is quite far outside the standards, so it's not easy to know
> what will happen when trying something other than plain anonymous ftp
> with non-problematic characters, or even file paths..

Of course - most do and I wouldn't count on consistency.

Re: mod_ftp "named virtual hosts"?

[Henrik Nordstrom <he...@henriknordstrom.net>]

ons 2007-04-11 klockan 10:46 -0500 skrev William A. Rowe, Jr.:

> Firefox is fine with...
> 
> ftp://me@myhost:pass@myhost/
> 
> but it's odd enough I wouldn't trust that to be consistently supported,
> and you raise a good point with proxy/firewalls.

The above isn't a correctly formed URL. MUST be (RFC wise)

ftp://me%40myhost:pass@myhost/

which resolves the ambiguity, but is perhaps even less intelligible to
the user.

> So if, for example, the admin wanted to define & as the alternative
> separator, ftp://me&myhost:pass@myhost/ would be a little less ambiguous
> to browser-style schemas.

Sounds reasonable. Except that it's quite impractical to use in HTML
coding and very many applications (and users) rendering data into HTML
will get it wrong..

Note: how most browser user agents implements the ftp:// URI scheme in
general is quite far outside the standards, so it's not easy to know
what will happen when trying something other than plain anonymous ftp
with non-problematic characters, or even file paths..

Regards
Henrik

Re: mod_ftp "named virtual hosts"?

["William A. Rowe, Jr." <wr...@rowe-clan.net>]

Henrik Nordstrom wrote:
> fre 2007-04-06 klockan 21:37 +0100 skrev Nick Kew:
> 
>>> What about modifying mod_ftp USER directive to accept username in the
>>> format of user@host, and tokenize user as the username, host as the
>>> http-ish Host: virtual host name?
>> Sounds fair, provided the protocol doesn't assign some (different)
>> semantics to that.
> 
> FTP as such doesn't assign any semantic on the syntax of usernames, but
> very many FTP firewalls/proxies do...

I'm thinking of providing a directive to supply an alternate/additional
semantic separator...

Firefox is fine with...

ftp://me@myhost:pass@myhost/

but it's odd enough I wouldn't trust that to be consistently supported,
and you raise a good point with proxy/firewalls.

So if, for example, the admin wanted to define & as the alternative
separator, ftp://me&myhost:pass@myhost/ would be a little less ambiguous
to browser-style schemas.

As it turns out it's impossible to proceed without solving the subreq
issue first - bah.  So I'll come back to this idea after I've refactored
ftp_command.c to speak in top level requests.

Bill

Re: mod_ftp "named virtual hosts"?

[Henrik Nordstrom <he...@henriknordstrom.net>]

fre 2007-04-06 klockan 21:37 +0100 skrev Nick Kew:

> > What about modifying mod_ftp USER directive to accept username in the
> > format of user@host, and tokenize user as the username, host as the
> > http-ish Host: virtual host name?
> 
> Sounds fair, provided the protocol doesn't assign some (different)
> semantics to that.

FTP as such doesn't assign any semantic on the syntax of usernames, but
very many FTP firewalls/proxies do...

The proposed user@host is in fact the most common FTP proxy method,
meaning connect as user on host, and to login using a user@host style
login via such proxy may be a little awkward if it at all works..

Regards
Henrik

Re: mod_ftp "named virtual hosts"?

[Nick Kew <ni...@webthing.com>]

On Fri, 06 Apr 2007 15:25:03 -0500
"William A. Rowe, Jr." <wr...@rowe-clan.net> wrote:

> I've given some thought to the desire for mod_ftp to support different
> host contexts, and came up with this...
> 
> What about modifying mod_ftp USER directive to accept username in the
> format of user@host, and tokenize user as the username, host as the
> http-ish Host: virtual host name?

Sounds fair, provided the protocol doesn't assign some (different)
semantics to that.

>	  If this feature were enabled,
> 'USER user' would simply be rejected.

Ugh.  Better to make that a default vhost.  As in an HTTP/1.0
request without a Host: header.

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

Re: mod_ftp "named virtual hosts"?

[Jorge Schrauwen <jo...@gmail.com>]

The behavior is simular to what i've experienced with a few web hosts.
both xxx@blackdot.be and xxx@martine.photos.cc worked on
ftp.blackdot.be when i was having my sites hosted by my ISP.

So this sounds great! since that was one of hurdels I hit when trying
to implement mod_ftp in my vhost setup.

On 4/6/07, William A. Rowe, Jr. <wr...@rowe-clan.net> wrote:
> I've given some thought to the desire for mod_ftp to support different
> host contexts, and came up with this...
>
> What about modifying mod_ftp USER directive to accept username in the
> format of user@host, and tokenize user as the username, host as the
> http-ish Host: virtual host name?  If this feature were enabled,
> 'USER user' would simply be rejected.
>
> Thoughts?
>


-- 
~Jorge