This patch was supplied by Brad Bitterman . ----------------------------------------------------------------- This patch lets the server send out an IP address other than the one on which it was actually contacted. This is useful in environments where IP translation is going on. To apply this patch: shell% cd sftpd-1.40 shell% patch < pretend.ip.txt *** sftpd.orig.cpp Fri Mar 3 16:50:19 2000 --- sftpd.cpp Thu Mar 2 17:54:26 2000 *************** *** 183,188 **** --- 183,190 ---- allowCleartext(false), stdoutLogAnyway(false), forceDataRelay(false), + useFakeIPAddress(false), + fakeIPAddress(0), kerberosFtpdBinary(NULL), artificialDelay(0), *************** *** 292,298 **** // convenience char const *argString = argv[a] + 2; ! // used letters: adfhlopstvxyDK39 switch (argv[a][1]) { case 'v': { // version int minv, maxv; --- 294,300 ---- // convenience char const *argString = argv[a] + 2; ! // used letters: adfhilopstvxyDK39 switch (argv[a][1]) { case 'v': { // version int minv, maxv; *************** *** 377,382 **** --- 379,393 ---- kerberosFtpdBinary = argString; break; + case 'i': + // Send a different address when authenicating + // For sever sitting behind a proxy server + // It seems that if a bad address or hostname is used that an + // is thrown and the program is halted............. + fakeIPAddress = resolveHostName( argString ); + useFakeIPAddress = true; + break; + case 'h': // purpose of defining this is to ensure we reserve // an option for printing the help text *************** *** 431,436 **** --- 442,448 ---- " -y specify working directory (default is cwd)\n" " -o for -s, send debug output to stdout instead of syslog\n" " -3 disable 3rd-party transfer optimization\n" + " -i
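Review bot: In the new `case 'i':` arm, `resolveHostName(argString)` is called on whatever follows `-i` with no emptiness check and no error handling, and the patch's own comment concedes that a bad address or hostname throws and halts the program. Reject an empty argument before the call and catch the resolution failure so the server exits with a clear usage error rather than an unhandled exception. The name is resolved once at option-parsing time, so if a hostname is given and its translated address later changes, the server will keep presenting a stale address for authentication; the help text should either say so or ask for a literal address. The comment should be rewritten along the lines of `// -i<addr>: address to present for authentication when the server sits behind address translation; resolution failure is fatal`, which also repairs `authenicating`, `sever` and the missing word in "an is thrown" (the misspelling `authenication` recurs in the usage string and in the sftpd.h field comment). The enclosing switch begins and ends outside this hunk.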
use alternate address for authenication\n" " -K Kerberos compatibility (specify kftpd image)\n" //" -Dn sleep n seconds between data blocks (simulates slow link)\n" " -h print this message\n" *************** *** 1254,1263 **** // see if we know about this mechanism if (!skipQuery) { ! security = SecurityProvider:: ! findSecurityMechanism(methodName, NULL /*i.e., am server*/, ! getLocalAddress(client_control), ! getRemoteAddress(client_control)); } if (!security) { --- 1266,1284 ---- // see if we know about this mechanism if (!skipQuery) { ! if ( useFakeIPAddress && ! (getLocalAddress(client_control) != getRemoteAddress(client_control)) ) { ! security = SecurityProvider:: ! findSecurityMechanism(methodName, NULL /*i.e., am server*/, ! fakeIPAddress, ! getRemoteAddress(client_control)); ! } ! else { // For use of an alternate ip address ! security = SecurityProvider:: ! findSecurityMechanism(methodName, NULL /*i.e., am server*/, ! getLocalAddress(client_control), ! getRemoteAddress(client_control)); ! } } if (!security) { *** sftpd.orig.h Fri Mar 3 16:50:19 2000 --- sftpd.h Thu Mar 2 17:54:26 2000 *************** *** 98,103 **** --- 98,105 ---- bool allowCleartext; // true if we let user specify X-Cleartext{2,} bool stdoutLogAnyway; // don't use syslog even if looks like we should bool forceDataRelay; // relay data even if data encryption is off + bool useFakeIPAddress; // use different ip address for client authenication + IPAddress fakeIPAddress; // fake ip address to use if useFakeIPAddress is TRUE string kerberosFtpdBinary; // where to find Kerberos' ftpd binary (length is 0 // if we're not permitting GSSAPI) int artificialDelay; // if nonzero, sleep() this many seconds between data blocks
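Review bot: In the `findSecurityMechanism` hunk, the override passes an operator-supplied value as the server's local address, so any address binding the mechanism performs (presumably the reason the addresses are passed at all) is no longer made against the socket's real endpoint, and nothing records that this happened. Log both `getLocalAddress(client_control)` and `fakeIPAddress` when the override branch is taken so audit records still show where the connection actually arrived. The added condition `getLocalAddress(client_control) != getRemoteAddress(client_control)` silently disables the override when both endpoints have the same address, and the only comment, `// For use of an alternate ip address`, sits on the `else`, which is the unmodified path; move it to the `if` and state why same-address connections are exempt. The two calls differ in a single argument, so, assuming `getLocalAddress` returns an `IPAddress`, one call taking `(useFakeIPAddress && local != getRemoteAddress(client_control)) ? fakeIPAddress : local` after `IPAddress local = getLocalAddress(client_control);` would remove the duplication. The enclosing function begins and ends outside this hunk.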