Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
HP.com home
 Jazz home  >  Software

Socksified ftp for MPE/iX
» 

Jazz home
»

Software
»

Papers & Training
»

Java
»

HP Partners
»

News & Events
»

Register for more info
Content starts here

Socksmpe v1.0 - may 1, 2001

THIS SOFTWARE IS NOT SUPPORTED BY HP. USE AT YOUR OWN RISK!

This distribution was created so that the MPE/iX FTP client FTP.ARPA.SYS can be "socksified" so intranet users can establish FTP connections to the Internet side of a firewall via a socks server.

An alternative socksified FTP client for MPE/iX was released in 1999, but that version was a special binary-only build of FTP.ARPA.SYS and the NEC Socks client library. It was only designed to run on MPE/iX 6.0, was prone to causing system aborts on 6.5, and was never updated with HP patches for the regular FTP client. In addition, the NEC Socks client library has a license that forbids commercial use. This alternative distribution is still available further down this web page, but it should be considered obsolete and avoided if possible.

This new SocksMPE distribution has a different architecture that does not require special source builds or binary modifications of the program being socksified. As a result, even though you've socksified official HP software such as FTP.ARPA.SYS, the OS patch & update process will still be able to deliver new functionality to the socksified program.

The HP Socks library is now used instead of the NEC one. Commercial use does not appear to be prohibited, but selling software based on this code may be problematic. I am not a lawyer; you are solely responsible for determining whether or not your use of this software is legal. For more info about the HP Socks library, please see:

Distribution contents

README
you're reading it now
Makefile
top-level Makefile for compiling & installing
SFTP
socksification wrapper script for FTP.ARPA.SYS
SOCKS-SOURCE/
HP Socks library directory tree
SOCKSXL
pre-compiled binary NMXL socksification shared library
intercept/
MPE socket interceptor directory tree
socks.conf
sample client config file for the HP Socks library

How to install

  1. Download the tarball from http://jazz.external.hp.com/src/ftp/socksmpe-1.0.tar.Z to your e3000 as /tmp/socksmpe.tar.Z.
  2. :HELLO MANAGER.SYS
  3. :XEQ SH.HPBIN.SYS -L
  4. cd /usr/contrib/src
  5. tar xvfopz /tmp/socksmpe.tar.Z
  6. cd socksmpe*
  7. make (optional step to compile; gcc is required for compilation)
  8. make install (creates /etc/socks.conf, /SYS/NET/SOCKSXL, /SYS/ARPA/SFTP, and man pages in /usr/contrib/man/)
  9. edit /etc/socks.conf as appropriate for your environment

How to use

To invoke socksified FTP from the MPE CI:

:XEQ SFTP.ARPA.SYS [hostname]

To invoke socksified FTP from the POSIX shell:

/SYS/ARPA/SFTP [hostname]

Please note that the CI and the shell use the same script file.

How it works

SocksMPE is designed to socksify code that has been statically linked with either SOCKETRL.NET.SYS or /usr/lib/libsocket.a. When you call a Berkeley Sockets function such as connect() and then link with these libraries, a small wrapper function for connect() is added which calls an external function HPCONNECT() which resides in XL.PUB.SYS.

SocksMPE consists of an NMXL called SOCKSXL.NET.SYS which traps these calls to the underlying Berkeley functions such as HPCONNECT(), redirects them to the HP Socks client library which will then eventually do a real Berkeley connect() which must be resolved in SOCKETXL.NET.SYS.

To summarize, your program without socksification:

you -> connect() in libsocket.a -> HPCONNECT() in XL.PUB.SYS

Your program with socksification:

you -> connect() in libsocket.a -> HPCONNECT() in SOCKSXL.NET.SYS -> Rconnect() in SOCKSXL.NET.SYS -> connect() in SOCKETXL.NET.SYS -> HPCONNECT() in XL.PUB.SYS

To actually socksify your program, your need to specify SOCKSXL.NET.SYS and SOCKETXL.NET.SYS at either link time or run time, i.e.:

:XEQ LINKEDIT.PUB.SYS 'ALTPROG FOOBAR;XL=SOCKSXL.NET.SYS,SOCKETXL.NET.SYS'

or

:RUN FOOBAR;XL='SOCKSXL.NET.SYS,SOCKETXL.NET.SYS'

The SFTP script supplied with this distribution takes the latter approach.

Limitations

SocksMPE was solely designed to socksify FTP.ARPA.SYS on MPE/iX 6.5. It has not been tested on other programs or other versions of MPE.

The HP Socks library contains replacement functions for dup(), dup2(), gethostbyname(), and gethostbyaddr(), but since FTP.ARPA.SYS does not use dup() or dup2(), and HP intranet machines can access external Internet DNS information, SOCKSXL does not currently contain code to intercept these four functions.

Only the barest minimum necessary of the HP Socks library has been compiled for SocksMPE. Things NOT referenced by SOCKS-SOURCE/Makefile.mpe are COMPLETELY untested.

Change log

v1.0 May 1, 2001

Initial public release.

THE REMAINDER OF THIS WEB PAGE PERTAINS TO THE OBSOLETE VERSION OF SOCKSIFIED FTP. YOU SHOULD BE USING THE SOCKSMPE DISTRIBUTION DESCRIBED ABOVE INSTEAD.

Disclaimer

THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, TRADE OR PRACTICE.

IN NO EVENT SHALL HP OR ANY OF ITS AFFILIATES BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
HP is the exclusive owner of SOCKSified FTP on HP3000.  NEC USA is the exclusive owner of SOCKS5 source and binaries.

SOCKS5 :  Copyright (c) 1995-1998 NEC Corporation.  All rights reserved.

Customers are subject to the following terms while using the Software.  (Here Software refers to NEC's "libsocks.a" library)

a.  They may use the Software for non-commercial purpose only, such as academic, research, and internal business use.

b.  They may not reverse engineer, disassemble or decompile the Software.

c.  They may not copy and distribute the Software nor any of its derivativies in whole or in part unless:

    i.  the distribution is limited to their internal business;
    ii. the copyright notice and this list of conditions appears on all copies;
    iii. no charge is associated with the distribution of such copies, and;
    iv. NEC Corporation retains ownership of the Software.

NEC may not be contacted in case of any problems with SOCKSified FTP.

What is socks?

SOCKS is a networking proxy protocol that enables hosts on one side of SOCKS  server to gain full access to hosts on the other side of the SOCKS server without requiring direct IP reachability. SOCKS redirects connection requests from hosts on opposite sides of a SOCKS server. The SOCKS server authenticates and authorizes the requests, establishes a proxy connection, and relays data.

SOCKS is commonly used as a network firewall that enables hosts behind a SOCKS server to gain full access to the Internet, while preventing unauthorized access from the Internet to the internal hosts.

There are two major versions of SOCKS: SOCKS V4 and SOCKS V5.

Prerequisites

1.  You should be running MPE 6.0, with FTP having the following

HP FTP/XL        HP36957 overall version = A.00.09

Note:   You can have SOCKSified FTP running on MPE 5.5 (with the latest FTP GR patch).  However,  there might be inconsistent behaviour.   (See below for details)

2.  You need access to a SOCKS server (SOCKS4 or SOCKS5 server, to be precise) on your Intranet, and create the file  /etc/libsocks5.conf

A sample content of this file is

noproxy c,b,u 96. - MANAGER.SYS socks1.domain.com
socks4 c,b,u  11.12.13.14 - MANAGER.SYS socks2.domain.com

The first field indicates whether the server is a SOCKS4 or SOCKS5 server.  (Unless you get this right, socksified FTP won't work right!)   For hosts inside the intranet  "noproxy" can be used.  The last field is the name of the SOCKS server. c,b,u stand respectively for connect, bind, UDP.

For more details of the various options above,  refer to
http://spiderman.socks.nec.com/man/libsocks5.conf.5.html

Other information (must read)

Socksified FTP has been created by linking the FTP 6.0 object files with NEC's SOCKS5V1.0R6 library,  libsocks5.a, ported to MPE/iX by Holger Wiemann.  It is also linked with the POSIX library libbsd.a available elsewhere on this system.  This is to resolve certain unresolved externals.   (libbsd.a is NOT supported by HP)

Socksified FTP makes use of the catalog and help files of the normal FTP on MPE 6.0, namely FTPC000 and FTPHELP respectively.   If it is run on MPE 5.5, it will make use of the 5.5 catalog and help files.  This might result in some inconsistencies in the behaviour.     However, it will not make use of any other files.  Hence, it is perfectly okay for FTPMON to be running and receiving incoming FTP connections and SFTP being invoked for external connections.

The current binaries of socksified FTP are the socksified binaries of normal FTP of the base MPE 6.0 release.   HP makes no claims to keeping the binaries updated as and when patches for FTP 6.0 are released.

If a customer finds a problem with the SFTP,  they will need to duplicate this same problem with normal FTP before they can call HP for support.

Download socksified ftp


The socksified FTP distribution is a tarball with the following files

SFTP - socksified FTP client
SFTPXL - socksified FTPXL

This may be copied to ARPA.SYS.  To run SOCKSified FTP, type "SFTP.ARPA.SYS" from the MPE prompt.

sftp.tar.Z - compressed tar archive containing SFTP - socksified FTP program file, and
SFTPXL - socksified FTP XL. Transfer this tarball to your 3000, uncompress it ($uncompress
sftp.tar.Z), unarchive it ($tar xvf sftp.tar) and you'll see:

...from the shell:

-rw-r-----   1 MANAGER.SYS       SYS       882715 Dec 11 13:10 sftp.tar.Z
-rwxrwx---   1 MANAGER.SYS       SYS       845824 Dec 11 13:11 SFTP
-rwxrwx---   1 MANAGER.SYS       SYS      1226496 Dec 11 13:11 SFTPXL

...from the CI:

 CODE  ------------LOGICAL RECORD-----------  ----SPACE----  FILENAME
         SIZE  TYP        EOF      LIMIT R/B  SECTORS #X MX

 NMPRG   128W  FB        3304       3312   1     3312 13  *  SFTP
 NMXL    128W  FB        4791    4096000   1     6144  6  *  SFTPXL

socks5 Debug/trace information

By setting the following, you can get debug/trace information as SFTP runs.

From MPE prompt

setvar SOCKS5_DEBUG 255
setvar SOCKS5_LOG_STDERR true

From POSIX prompt

export SOCKS5_DEBUG=255
export SOCKS5_LOG_STDERR=true
 

For SOCKS V4 there is no rfc mentioned but a specification paper  at

 
SOCKS V5 protocol (also called Authenticated Firewall Traversal (AFT))
is an Open Internet Standard and you'll find three rfcs:

  rfc1928  SOCKS Protocol Version 5
     at http://www.socks.nec.com/rfc/rfc1928.txt
     or http://www.cis.ohio-state.edu/htbin/rfc/rfc1928.html

  rfc1929  Username/Password Authentication for SOCKS V5
     at http://www.socks.nec.com/rfc/rfc1929.txt
     or http://www.cis.ohio-state.edu/htbin/rfc/rfc1929.html

  rfc1961  GSS-API Authentication Method for SOCKS Version 5
     at http://www.socks.nec.com/rfc/rfc1961.txt
     or http://www.cis.ohio-state.edu/htbin/rfc/rfc1961.html

client configuration file /etc/libsocks5.conf at
http://spiderman.socks.nec.com/man/libsocks5.conf.5.html

configuration examples
http://spiderman.socks.nec.com/s5examples.html

general socks5 protocol infos
http://spiderman.socks.nec.com/man/socks5.1.html

server configuration file /etc/socks5.conf  (not needed)
http://spiderman.socks.nec.com/man/socks5.conf.5.html

How to SOCKSify a client
http://spiderman.socks.nec.com/how2socksify.html
 
 
This Page is maintained by Raghuram B. CSY R & D Bangalore, INDIA

Feedbacks/Comments

Last modified on $Date: 99/03/24 09:19:08 $

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2004 Hewlett-Packard Development Company, L.P.