Socksified ftp for MPE/iX


	»	Home

	»	Software
	»	Papers & Training
	»	Java

Socksmpe v1.0 - may 1, 2001

THIS SOFTWARE IS NOT SUPPORTED BY HP. USE AT YOUR OWN RISK!

This distribution was created so that the MPE/iX FTP client FTP.ARPA.SYS can be "socksified" so intranet users can establish FTP connections to the Internet side of a firewall via a socks server.

An alternative socksified FTP client for MPE/iX was released in 1999, but that version was a special binary-only build of FTP.ARPA.SYS and the NEC Socks client library. It was only designed to run on MPE/iX 6.0, was prone to causing system aborts on 6.5, and was never updated with HP patches for the regular FTP client. In addition, the NEC Socks client library has a license that forbids commercial use. This alternative distribution is still available further down this web page, but it should be considered obsolete and avoided if possible.

This new SocksMPE distribution has a different architecture that does not require special source builds or binary modifications of the program being socksified. As a result, even though you've socksified official HP software such as FTP.ARPA.SYS, the OS patch & update process will still be able to deliver new functionality to the socksified program.

The HP Socks library is now used instead of the NEC one. Commercial use does not appear to be prohibited, but selling software based on this code may be problematic. I am not a lawyer; you are solely responsible for determining whether or not your use of this software is legal. For more info about the HP Socks library, please see:

http://socks.hp.com/ (HP intranet access only)
ftp://ftp.cup.hp.com/dist/socks/ (Internet access allowed)

Distribution contents

README: you're reading it now
Makefile: top-level Makefile for compiling & installing
SFTP: socksification wrapper script for FTP.ARPA.SYS
SOCKS-SOURCE/: HP Socks library directory tree
SOCKSXL: pre-compiled binary NMXL socksification shared library
intercept/: MPE socket interceptor directory tree
socks.conf: sample client config file for the HP Socks library

How to install

Download the tarball from socksmpe-1.0.tar.Z to your e3000 as /tmp/socksmpe.tar.Z.
:HELLO MANAGER.SYS
:XEQ SH.HPBIN.SYS -L
cd /usr/contrib/src
tar xvfopz /tmp/socksmpe.tar.Z
cd socksmpe*
make (optional step to compile; gcc is required for compilation)
make install (creates /etc/socks.conf, /SYS/NET/SOCKSXL, /SYS/ARPA/SFTP, and man pages in /usr/contrib/man/)
edit /etc/socks.conf as appropriate for your environment

How to use

To invoke socksified FTP from the MPE CI:

:XEQ SFTP.ARPA.SYS [hostname]

To invoke socksified FTP from the POSIX shell:

/SYS/ARPA/SFTP [hostname]

Please note that the CI and the shell use the same script file.

How it works

SocksMPE is designed to socksify code that has been statically linked with either SOCKETRL.NET.SYS or /usr/lib/libsocket.a. When you call a Berkeley Sockets function such as connect() and then link with these libraries, a small wrapper function for connect() is added which calls an external function HPCONNECT() which resides in XL.PUB.SYS.

SocksMPE consists of an NMXL called SOCKSXL.NET.SYS which traps these calls to the underlying Berkeley functions such as HPCONNECT(), redirects them to the HP Socks client library which will then eventually do a real Berkeley connect() which must be resolved in SOCKETXL.NET.SYS.

To summarize, your program without socksification:

you -> connect() in libsocket.a -> HPCONNECT() in XL.PUB.SYS

Your program with socksification:

you -> connect() in libsocket.a -> HPCONNECT() in SOCKSXL.NET.SYS -> Rconnect() in SOCKSXL.NET.SYS -> connect() in SOCKETXL.NET.SYS -> HPCONNECT() in XL.PUB.SYS

To actually socksify your program, your need to specify SOCKSXL.NET.SYS and SOCKETXL.NET.SYS at either link time or run time, i.e.:

:XEQ LINKEDIT.PUB.SYS 'ALTPROG FOOBAR;XL=SOCKSXL.NET.SYS,SOCKETXL.NET.SYS'

:RUN FOOBAR;XL='SOCKSXL.NET.SYS,SOCKETXL.NET.SYS'

The SFTP script supplied with this distribution takes the latter approach.

Limitations

SocksMPE was solely designed to socksify FTP.ARPA.SYS on MPE/iX 6.5. It has not been tested on other programs or other versions of MPE.

The HP Socks library contains replacement functions for dup(), dup2(), gethostbyname(), and gethostbyaddr(), but since FTP.ARPA.SYS does not use dup() or dup2(), and HP intranet machines can access external Internet DNS information, SOCKSXL does not currently contain code to intercept these four functions.

Only the barest minimum necessary of the HP Socks library has been compiled for SocksMPE. Things NOT referenced by SOCKS-SOURCE/Makefile.mpe are COMPLETELY untested.

Change log

v1.0 May 1, 2001: Initial public release.

THE REMAINDER OF THIS WEB PAGE PERTAINS TO THE OBSOLETE VERSION OF SOCKSIFIED FTP. YOU SHOULD BE USING THE SOCKSMPE DISTRIBUTION DESCRIBED ABOVE INSTEAD.

Disclaimer

THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, TRADE OR PRACTICE.

IN NO EVENT SHALL HP OR ANY OF ITS AFFILIATES BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

HP is the exclusive owner of SOCKSified FTP on HP3000. NEC USA is the exclusive owner of SOCKS5 source and binaries.

Customers are subject to the following terms while using the Software. (Here Software refers to NEC's "libsocks.a" library)

a. They may use the Software for non-commercial purpose only, such as academic, research, and internal business use.

b. They may not reverse engineer, disassemble or decompile the Software.

c. They may not copy and distribute the Software nor any of its derivativies in whole or in part unless:

NEC may not be contacted in case of any problems with SOCKSified FTP.

What is socks?

SOCKS is a networking proxy protocol that enables hosts on one side of SOCKS server to gain full access to hosts on the other side of the SOCKS server without requiring direct IP reachability. SOCKS redirects connection requests from hosts on opposite sides of a SOCKS server. The SOCKS server authenticates and authorizes the requests, establishes a proxy connection, and relays data.

SOCKS is commonly used as a network firewall that enables hosts behind a SOCKS server to gain full access to the Internet, while preventing unauthorized access from the Internet to the internal hosts.

There are two major versions of SOCKS: SOCKS V4 and SOCKS V5.

Prerequisites

1. You should be running MPE 6.0, with FTP having the following

HP FTP/XL HP36957 overall version = A.00.09

Note: You can have SOCKSified FTP running on MPE 5.5 (with the latest FTP GR patch). However, there might be inconsistent behaviour. (See below for details)

2. You need access to a SOCKS server (SOCKS4 or SOCKS5 server, to be precise) on your Intranet, and create the file /etc/libsocks5.conf

A sample content of this file is

noproxy c,b,u 96. - MANAGER.SYS socks1.domain.com
socks4 c,b,u 11.12.13.14 - MANAGER.SYS socks2.domain.com

The first field indicates whether the server is a SOCKS4 or SOCKS5 server. (Unless you get this right, socksified FTP won't work right!) For hosts inside the intranet "noproxy" can be used. The last field is the name of the SOCKS server. c,b,u stand respectively for connect, bind, UDP.

For more details of the various options above, refer to
http://spiderman.socks.nec.com/man/libsocks5.conf.5.html

Other information (must read)

Socksified FTP has been created by linking the FTP 6.0 object files with NEC's SOCKS5V1.0R6 library, libsocks5.a, ported to MPE/iX by Holger Wiemann. It is also linked with the POSIX library libbsd.a available elsewhere on this system. This is to resolve certain unresolved externals. (libbsd.a is NOT supported by HP)

Socksified FTP makes use of the catalog and help files of the normal FTP on MPE 6.0, namely FTPC000 and FTPHELP respectively. If it is run on MPE 5.5, it will make use of the 5.5 catalog and help files. This might result in some inconsistencies in the behaviour. However, it will not make use of any other files. Hence, it is perfectly okay for FTPMON to be running and receiving incoming FTP connections and SFTP being invoked for external connections.

The current binaries of socksified FTP are the socksified binaries of normal FTP of the base MPE 6.0 release. HP makes no claims to keeping the binaries updated as and when patches for FTP 6.0 are released.

If a customer finds a problem with the SFTP, they will need to duplicate this same problem with normal FTP before they can call HP for support.

Download socksified ftp

The socksified FTP distribution is a tarball with the following files

SFTP - socksified FTP client
SFTPXL - socksified FTPXL

This may be copied to ARPA.SYS. To run SOCKSified FTP, type "SFTP.ARPA.SYS" from the MPE prompt.

sftp.tar.Z - compressed tar archive containing SFTP - socksified FTP program file, and
SFTPXL - socksified FTP XL. Transfer this tarball to your 3000, uncompress it ($uncompress sftp.tar.Z), unarchive it ($tar xvf sftp.tar) and you'll see:

... from the shell:


-rw-r-----  1 MANAGER.SYS    SYS   882715 Dec 11 13:10 sftp.tar.Z
-rwxrwx---  1 MANAGER.SYS    SYS   845824 Dec 11 13:11 SFTP
-rwxrwx---  1 MANAGER.SYS    SYS  1226496 Dec 11 13:11 SFTPXL

... from the CI:


CODE ------------LOGICAL RECORD-----------  ----SPACE----      FILENAME
          SIZE  TYP         EOF      LIMIT  R/B SECTORS #X MX 
NMPRG     128W  FB         3304       3312   1     3312 13  *  SFTP
NMXL      128W  FB         4791    4096000   1     6144  6  *  SFTPXL