Fastream Technologies wrote:
> Hello Arno,
>
> Either we are having a kind of communication problem or you did not
> read what I sent you privately. We prefer to sponsor YOU to do it for
> some money so that WE donate the code to OVERBYTE.

I think what you want is something that should be coded at the application level. Derive your own component from TFtpCtrlSocket, add a TNtlmAuthSession. When the user is logged in, validate user credentials, don't clean up the session. Before a transfer starts you will have to impersonate the context at least once temporarily in order to check whether access is allowed. If subsequent read/write operations shall be executed in server context the server must own the same or higher privileges, of course. I've never coded something like that so it's just an idea of how it might work.

> If this is not
> possible, then there are some more questions we must ask. Such as what
> should be passed to "domain" which was not asked in our reverse proxy!

AFAIR, if blank current domain or local host is used, otherwise specified domain, but not for sure, it was very easy to scribble a small test project to find that out.

--
Arno Garrels [TeamICS]
http://www.overbyte.be/eng/overbyte/teamics.html

>
> Regards,
>
> SZ
>
> On 5/8/07, Arno Garrels <[EMAIL PROTECTED]> wrote:
>> Fastream Technologies wrote:
>>> Ok. Another misunderstanding... Let me explain: the client will send
>>> the USER PASS just as any FTP client does. Then the server will
>>> decide what rights he has wrt Activedirectory domain. I hope you
>>> get it now.
>>
>> In OverbyteIcsNtlmSsp.pas have a look at function
>>
>> TNtlmAuthSession.ValidateUserCredentials(
>> const AUser, APassword, ADomain: String;
>> CleanUpSession: Boolean): Boolean;
>>
>> If you want to call ImpersonateContext/RevertContext pass FALSE in
>> parameter CleanUpSession.
>>
>> --
>> Arno Garrels [TeamICS]
>> http://www.overbyte.be/eng/overbyte/teamics.html
>>
>>>
>>> Regards,
>>>
>>> SZ
>>>
>>> On 5/8/07, Arno Garrels <[EMAIL PROTECTED]> wrote:
>>>> Fastream Technologies wrote:
>>>>> I am talking about FTP SERVER. Can you help us build NTLM security
>>>>> to TFtpServer? Or, IS THIS POSSIBLE?
>>>>
>>>> Do you know any FTP client with NTLM support?
>>>>
>>>> --
>>>> Arno Garrels [TeamICS]
>>>> http://www.overbyte.be/eng/overbyte/teamics.html
>>>>
>>>>>
>>>>> Regards,
>>>>>
>>>>> SZ
>>>>>
>>>>> On 5/7/07, Arno Garrels <[EMAIL PROTECTED]> wrote:
>>>>>> I missed the keyword "FTP". NTLM isn't available in any of the
>>>>>> FTP components.
>>>>>>
>>>>>> Arno Garrels wrote:
>>>>>>> Fastream Technologies wrote:
>>>>>>>
>>>>>>>> - Arno told me that one would need to impersonate the thread
>>>>>>>> and then attempt to read/write on network. However, since the
>>>>>>>> thread is also used by other users, would we need to
>>>>>>>> impersonate every time we do a TFileStream operation?? Or is
>>>>>>>> it just for the test??
>>>>>>>
>>>>>>> If the server admin wants to control access to files'n folders
>>>>>>> only by Windows security you probably hit the point where one
>>>>>>> (impersonated) thread per user was best choice? Otherwise you
>>>>>>> could handle NTLM like any other authentication type.
>>>>>>>
>>>>>>> --
>>>>>>> Arno Garrels [TeamICS]
>>>>>>> http://www.overbyte.be/eng/overbyte/teamics.html
>>>>>> --
>>>>>> To unsubscribe or change your settings for TWSocket mailing list
>>>>>> please goto http://www.elists.org/mailman/listinfo/twsocket
>>>>>> Visit our website at http://www.overbyte.be
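
The per-connection approach outlined in the reply at the top of this message (validate at login without cleaning up the session, then impersonate only briefly for the access check), as an added Delphi example that is not code from the thread or from ICS. The unit name, `TNtlmFtpClient`, `Login` and `MayRead` are hypothetical; it also assumes that `TFtpCtrlSocket` is declared in `OverbyteIcsFtpSrv`, that `TNtlmAuthSession.Create` takes no arguments, and that `ImpersonateContext` and `RevertContext` return Boolean.

```pascal
unit NtlmFtpClient; // hypothetical unit name
interface
uses
  SysUtils, Classes, OverbyteIcsFtpSrv, OverbyteIcsNtlmSsp;
type
  // Hypothetical descendant of the ICS control socket, one per connection.
  TNtlmFtpClient = class(TFtpCtrlSocket)
  private
    FSession: TNtlmAuthSession;
  public
    destructor Destroy; override;
    function Login(const AUser, APassword, ADomain: String): Boolean;
    function MayRead(const AFileName: String): Boolean;
  end;
implementation

destructor TNtlmFtpClient.Destroy;
begin
  FSession.Free; // the kept context must not outlive the connection
  inherited Destroy;
end;

function TNtlmFtpClient.Login(const AUser, APassword, ADomain: String): Boolean;
begin
  FreeAndNil(FSession); // a second USER/PASS must not inherit an old context
  FSession := TNtlmAuthSession.Create; // assumed: parameterless constructor
  // CleanUpSession = False keeps the context for ImpersonateContext below.
  Result := FSession.ValidateUserCredentials(AUser, APassword, ADomain, False);
  if not Result then FreeAndNil(FSession);
end;

function TNtlmFtpClient.MayRead(const AFileName: String): Boolean;
begin
  Result := False; // fail closed
  // Assumed: ImpersonateContext and RevertContext return Boolean.
  if (FSession = nil) or not FSession.ImpersonateContext then
    Exit;
  try
    try
      // Opening read-only as the user lets the Windows ACLs decide.
      TFileStream.Create(AFileName, fmOpenRead or fmShareDenyNone).Free;
      Result := True;
    except
      on EFOpenError do Result := False; // access denied or missing file
    end;
  finally
    // The thread is shared: never leave it running as this user.
    if not FSession.RevertContext then
      raise Exception.Create('RevertContext failed');
  end;
end;
end.
```

`MayRead` only probes read access; an upload check needs its own probe under the same impersonate/revert bracket.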