Socksified ftp for MPE/iX
Socksmpe v1.0 - may 1, 2001THIS SOFTWARE IS NOT SUPPORTED BY HP. USE AT YOUR OWN RISK! This distribution was created so that the MPE/iX FTP client FTP.ARPA.SYS can be "socksified" so intranet users can establish FTP connections to the Internet side of a firewall via a socks server. An alternative socksified FTP client for MPE/iX was released in 1999, but that version was a special binary-only build of FTP.ARPA.SYS and the NEC Socks client library. It was only designed to run on MPE/iX 6.0, was prone to causing system aborts on 6.5, and was never updated with HP patches for the regular FTP client. In addition, the NEC Socks client library has a license that forbids commercial use. This alternative distribution is still available further down this web page, but it should be considered obsolete and avoided if possible. This new SocksMPE distribution has a different architecture that does not require special source builds or binary modifications of the program being socksified. As a result, even though you've socksified official HP software such as FTP.ARPA.SYS, the OS patch & update process will still be able to deliver new functionality to the socksified program. The HP Socks library is now used instead of the NEC one. Commercial use does not appear to be prohibited, but selling software based on this code may be problematic. I am not a lawyer; you are solely responsible for determining whether or not your use of this software is legal. For more info about the HP Socks library, please see:
How to install
How to useTo invoke socksified FTP from the MPE CI: :XEQ SFTP.ARPA.SYS [hostname] To invoke socksified FTP from the POSIX shell: /SYS/ARPA/SFTP [hostname] Please note that the CI and the shell use the same script file.
How it worksSocksMPE is designed to socksify code that has been statically linked with either SOCKETRL.NET.SYS or /usr/lib/libsocket.a. When you call a Berkeley Sockets function such as connect() and then link with these libraries, a small wrapper function for connect() is added which calls an external function HPCONNECT() which resides in XL.PUB.SYS. SocksMPE consists of an NMXL called SOCKSXL.NET.SYS which traps these calls to the underlying Berkeley functions such as HPCONNECT(), redirects them to the HP Socks client library which will then eventually do a real Berkeley connect() which must be resolved in SOCKETXL.NET.SYS. To summarize, your program without socksification: you -> connect() in libsocket.a -> HPCONNECT() in XL.PUB.SYS Your program with socksification: you -> connect() in libsocket.a -> HPCONNECT() in SOCKSXL.NET.SYS -> Rconnect() in SOCKSXL.NET.SYS -> connect() in SOCKETXL.NET.SYS -> HPCONNECT() in XL.PUB.SYS To actually socksify your program, your need to specify SOCKSXL.NET.SYS and SOCKETXL.NET.SYS at either link time or run time, i.e.: :XEQ LINKEDIT.PUB.SYS 'ALTPROG FOOBAR;XL=SOCKSXL.NET.SYS,SOCKETXL.NET.SYS' or :RUN FOOBAR;XL='SOCKSXL.NET.SYS,SOCKETXL.NET.SYS' The SFTP script supplied with this distribution takes the latter approach.
LimitationsSocksMPE was solely designed to socksify FTP.ARPA.SYS on MPE/iX 6.5. It has not been tested on other programs or other versions of MPE. The HP Socks library contains replacement functions for dup(), dup2(), gethostbyname(), and gethostbyaddr(), but since FTP.ARPA.SYS does not use dup() or dup2(), and HP intranet machines can access external Internet DNS information, SOCKSXL does not currently contain code to intercept these four functions. Only the barest minimum necessary of the HP Socks library has been compiled for SocksMPE. Things NOT referenced by SOCKS-SOURCE/Makefile.mpe are COMPLETELY untested.
THE REMAINDER OF THIS WEB PAGE PERTAINS TO THE OBSOLETE VERSION OF SOCKSIFIED FTP. YOU SHOULD BE USING THE SOCKSMPE DISTRIBUTION DESCRIBED ABOVE INSTEAD.
DisclaimerTHIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, TRADE OR PRACTICE. IN NO EVENT SHALL HP OR ANY OF ITS AFFILIATES BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
HP is the exclusive owner of SOCKSified FTP on HP3000. NEC USA is the exclusive owner of SOCKS5 source and binaries. SOCKS5 :Copyright (c) 1995-1998 NEC Corporation. All rights reserved. Customers are subject to the following terms while using the Software. (Here Software refers to NEC's "libsocks.a" library) a. They may use the Software for non-commercial purpose only, such as academic, research, and internal business use. b. They may not reverse engineer, disassemble or decompile the Software. c. They may not copy and distribute the Software nor any of its derivativies in whole or in part unless:
ii. the copyright notice and this list of conditions appears on all copies;
iii. no charge is associated with the distribution of such copies, and;
iv. NEC Corporation retains ownership of the Software.
What is socks?SOCKS is a networking proxy protocol that enables hosts on one side of SOCKS server to gain full access to hosts on the other side of the SOCKS server without requiring direct IP reachability. SOCKS redirects connection requests from hosts on opposite sides of a SOCKS server. The SOCKS server authenticates and authorizes the requests, establishes a proxy connection, and relays data. SOCKS is commonly used as a network firewall that enables hosts behind a SOCKS server to gain full access to the Internet, while preventing unauthorized access from the Internet to the internal hosts. There are two major versions of SOCKS: SOCKS V4 and SOCKS V5.
Prerequisites1. You should be running MPE 6.0, with FTP having the following HP FTP/XL HP36957 overall version = A.00.09 Note: You can have SOCKSified FTP running on MPE 5.5 (with the latest FTP GR patch). However, there might be inconsistent behaviour. (See below for details) 2. You need access to a SOCKS server (SOCKS4 or SOCKS5 server, to be precise) on your Intranet, and create the file /etc/libsocks5.conf A sample content of this file is noproxy c,b,u 96. - MANAGER.SYS socks1.domain.com
socks4 c,b,u 220.127.116.11 - MANAGER.SYS socks2.domain.com The first field indicates whether the server is a SOCKS4 or SOCKS5 server. (Unless you get this right, socksified FTP won't work right!) For hosts inside the intranet "noproxy" can be used. The last field is the name of the SOCKS server. c,b,u stand respectively for connect, bind, UDP. For more details of the various options above, refer to
Other information (must read)Socksified FTP has been created by linking the FTP 6.0 object files with NEC's SOCKS5V1.0R6 library, libsocks5.a, ported to MPE/iX by Holger Wiemann. It is also linked with the POSIX library libbsd.a available elsewhere on this system. This is to resolve certain unresolved externals. (libbsd.a is NOT supported by HP) Socksified FTP makes use of the catalog and help files of the normal FTP on MPE 6.0, namely FTPC000 and FTPHELP respectively. If it is run on MPE 5.5, it will make use of the 5.5 catalog and help files. This might result in some inconsistencies in the behaviour. However, it will not make use of any other files. Hence, it is perfectly okay for FTPMON to be running and receiving incoming FTP connections and SFTP being invoked for external connections. The current binaries of socksified FTP are the socksified binaries of normal FTP of the base MPE 6.0 release. HP makes no claims to keeping the binaries updated as and when patches for FTP 6.0 are released. If a customer finds a problem with the SFTP, they will need to duplicate this same problem with normal FTP before they can call HP for support.
Download socksified ftpThe socksified FTP distribution is a tarball with the following files SFTP - socksified FTP client
SFTPXL - socksified FTPXL This may be copied to ARPA.SYS. To run SOCKSified FTP, type "SFTP.ARPA.SYS" from the MPE prompt. sftp.tar.Z - compressed tar archive containing SFTP - socksified FTP program file, and
SFTPXL - socksified FTP XL. Transfer this tarball to your 3000, uncompress it ($uncompress sftp.tar.Z), unarchive it ($tar xvf sftp.tar) and you'll see: ... from the shell:
-rw-r----- 1 MANAGER.SYS SYS 882715 Dec 11 13:10 sftp.tar.Z -rwxrwx--- 1 MANAGER.SYS SYS 845824 Dec 11 13:11 SFTP -rwxrwx--- 1 MANAGER.SYS SYS 1226496 Dec 11 13:11 SFTPXL... from the CI:
CODE ------------LOGICAL RECORD----------- ----SPACE---- FILENAME SIZE TYP EOF LIMIT R/B SECTORS #X MX NMPRG 128W FB 3304 3312 1 3312 13 * SFTP NMXL 128W FB 4791 4096000 1 6144 6 * SFTPXL
socks5 Debug/trace informationBy setting the following, you can get debug/trace information as SFTP runs. From MPE prompt setvar SOCKS5_DEBUG 255
setvar SOCKS5_LOG_STDERR true From POSIX prompt export SOCKS5_DEBUG=255
For SOCKS V4 there is no rfc mentioned but a specification paper at
is an Open Internet Standard and you'll find three rfcs:
or http://www.cis.ohio-state.edu/htbin/rfc/rfc1928.html rfc1929 Username/Password Authentication for SOCKS V5
or http://www.cis.ohio-state.edu/htbin/rfc/rfc1929.html rfc1961 GSS-API Authentication Method for SOCKS Version 5
http://spiderman.socks.nec.com/man/libsocks5.conf.5.html configuration examples
http://spiderman.socks.nec.com/s5examples.html general socks5 protocol infos
http://spiderman.socks.nec.com/man/socks5.1.html server configuration file /etc/socks5.conf (not needed)
http://spiderman.socks.nec.com/man/socks5.conf.5.html How to SOCKSify a client
http://spiderman.socks.nec.com/how2socksify.html Last modified on $Date: 99/03/24 09:19:08 $