TC9.20: FTPS-Connections to writeable homedir not possible

The behaviour described in the bug report is either by design, or would be far too complex/time-consuming to be changed

Moderators: white, Hacker, petermad, Stefan2

mikey
Junior Member
Posts: 11
Joined: 2010-08-31, 14:11 UTC

TC9.20: FTPS-Connections to writeable homedir not possible

Post by *mikey »

If TC opens an FTPS connection to a host with a write permission on the FTPS-home directory, TC breaks the login attempt with OFFLINE2, error=0 and does not connect to the FTPS server.
ghisler(Author)
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Post by *ghisler(Author) »

OFFLINE2 means that reading from the server returns an error when reading data. It has nothing to do with write permissions on the server.
Author of Total Commander
https://www.ghisler.com
mikey
Junior Member
Posts: 11
Joined: 2010-08-31, 14:11 UTC

Post by *mikey »

Ah, OK. After debugging the problem with other apps: e.g. WinSCP connects with no error, but FileZilla shows "An unexpected TLS packet was received". Perhaps the ftps-lib is able to ignore unexpected TLS packets via parameters, to make TC more failure tolerant.
ghisler(Author)
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Post by *ghisler(Author) »

Interesting, any idea what package is sent? Which server software do you use? I need to reproduce it so I can write a workaround.

Btw, you could try using OpenSSL instead of the normally used sChannel (Secur32.dll) library. For this, you need to download the OpenSSL libraries from here:
https://indy.fulgan.com/SSL/?C=N;O=D

Get the win32 package for Total Commander 32-bit (even on 64-bit Windows!), or the win64 package for Total Commander 64-bit.

Then unpack the dlls to the Total Commander directory. If you use the combined 32+64-bit version, put the 64-bit dlls in subdirectory "64" below the Total Commander directory. Then close and re-open Total Commander.

Total Commander will show in the connection log whether it uses sChannel or openSSL.
Author of Total Commander
https://www.ghisler.com
mikey
Junior Member
Posts: 11
Joined: 2010-08-31, 14:11 UTC

Post by *mikey »

Thank you for this tip.

I've tested the OpenSSL-solution without success.
TC uses OpenSSL after publishing the dlls in the TC directory.

Log output on connect:
SSL: Libraries loaded OK! C:\Programme\totalcmd\libeay32.dll

On the server side we're using the VSFTPD default package (3.0.3-9build1) on an Ubuntu 18.04 LTS server.

I think I've read somewhere on the internet that the failure package can be an unencrypted message which shows that the home dir is writable (without guarantee).
ghisler(Author)
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Post by *ghisler(Author) »

Hmm, that shouldn't be - there are no plain text messages expected after AUTH TLS and the server replying
234 AUTH TLS successful

The server may send more reply lines before that, e.g.
234-Starting TLS sesssion
234 AUTH TLS successful
but nothing afterwards.

To find out what really happens, I will have to try to install VSFTPD, and configure it exactly like you did. Did you change anything in the VSFTPD configuration?
Author of Total Commander
https://www.ghisler.com
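
The reply framing described in the post above, as an added example that is not part of the thread and not Total Commander's code: it splits the bytes received after AUTH TLS into the (possibly multi-line) 234 reply and whatever follows, then checks whether what follows looks like a TLS record or like a plaintext FTP reply. The function names and the sample byte strings are constructed for illustration.

```python
import re

FINAL = re.compile(rb"^(\d{3}) ")   # last line of a reply: "234 text"
MULTI = re.compile(rb"^(\d{3})-")   # first line of a multi-line reply: "234-text"

def split_auth_reply(buf: bytes):
    """Split bytes received after AUTH TLS into (code, lines, leftover).

    leftover is everything after the final reply line. Returns None while
    the reply is still incomplete.
    """
    lines, pos, code = [], 0, None
    while True:
        end = buf.find(b"\r\n", pos)
        if end < 0:
            return None                      # need more data from the socket
        line, pos = buf[pos:end], end + 2
        lines.append(line.decode("latin-1"))
        if code is None:
            multi = MULTI.match(line)
            if multi:                        # multi-line reply opened
                code = multi.group(1)
                continue
            final = FINAL.match(line)
            if not final:
                raise ValueError("not an FTP reply line: %r" % line)
            return int(final.group(1)), lines, buf[pos:]
        if line.startswith(code + b" "):     # same code + space closes the reply
            return int(code), lines, buf[pos:]

def classify_leftover(data: bytes) -> str:
    """Classify bytes seen on the control channel after the final 234 line."""
    if not data:
        return "empty"
    # TLS record header: content type 20..23, then version major byte 3.
    if len(data) >= 3 and 20 <= data[0] <= 23 and data[1] == 3:
        return "tls-record"
    if re.match(rb"^\d{3}[ -]", data):
        return "plaintext-ftp-reply"         # what a TLS stack reports as unexpected
    return "unknown"

# Constructed sample inputs (not captured from any real server).
OK = b"234-Starting TLS session\r\n234 AUTH TLS successful\r\n"
BAD = OK + b"500 constructed plaintext error\r\n"
TLS = OK + bytes([22, 3, 3, 0, 5]) + b"hello"

if __name__ == "__main__":
    for name, sample in (("OK", OK), ("BAD", BAD), ("TLS", TLS)):
        code, lines, rest = split_auth_reply(sample)
        print(name, code, len(lines), classify_leftover(rest))
```
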