DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

You are not logged in.

Announcement

#1 2008-10-07 20:43:59

halfsoul
Member
Registered: 2008-01-28
Posts: 57

FTP Broken and ffp woes

Hi all,
I am battling what appears to be multiple issues, and the single-point failure solution eludes me.  Any help you can give will be much appreciated.  First brief background:
1. I have been using ffp 0.5 on usb for quite some time.
2. I run two independent drives with nightly backup using crontab & rsync.
3. I run an ftp server to a specific folder for anonymous access
4. FW 1.05
5. Started to set up OpenVPN, but got too busy to continue.

1st Symptom (resolved): A friend informed me that he could no longer access my anonymous ftp folder, that it was requiring a password.
2nd Symptom (resolved): When I checked the ftp settings via web utility, the user account assigned to that folder was "ftp" instead of anonymous.  I had never created this account, and it was not even a valid user.
- I deleted the ftp server for that location, then created a new folder share with the "Anonymous" account
3rd Symptom (persistent): Now I can successfully log in anonymously, but there are zero files/folders displayed, as if the directory were empty.
4th Symptom (resolved): I attempted to telnet in to grab some logs, but the putty window closed immediately as if the telnet service wasn't even running.
- I replaced my fun_plug with a known-good backup to boot ffp from the HDD instead of USB = still no telnet
- I installed a brand-new ffp = telnet access works
- I tried my original fun_plug (usb) and the known-good backup (HDD) with new ffp dir structure = no telnet
- solution was removing the duplicate ftp user (thanks fonz)

The 3rd symptom is my first priority.  Here are some of the troubleshooting steps I've taken to address the FTP issue (all to no avail):
- delete all ftp accounts, stop ftp server, re-add solitary anonymous folder
- Restore Factory defaults & no funplug
- Confirmed via rsync logs that no unwanted file changes have occured (or at least been recognized & copied)
- Power-cycled everything upstream of the DNS (switch, router, modem)
- Confirmed via router that port 21 is forwarded
- Confirmed via ShieldsUp! that port 21 is open
- Disabled other servers & optionals (UPnP, iTunes, DHCP, LLTD, DDNS, Jumbo Frames)
- Unplug USB entirely

The 4th symptom is the most puzzling to me.  How could ffp just stop working all of a sudden, but a new version works fine??  Here are some of the troubleshooting steps I've taken to address the ffp issue (all to no avail):
- Confirmed via rsync logs that no fun_plug files have changed (or at least been recognized & copied)
- Restore Factory defaults
- Unplug USB entirely

Here is the ffp log for a good (fresh install) start:

Code:

**** fun_plug script for DNS-323 (2008-08-11 tp@fonz.de) ****
Tue Oct  7 10:42:27 GMT 2008
ln -snf /mnt/HD_a2/ffp /ffp
* Running /ffp/etc/fun_plug.init ...
* Running /ffp/etc/rc ...
* /ffp/start/syslogd.sh inactive
* /ffp/start/SERVERS.sh inactive
* /ffp/start/portmap.sh inactive
* /ffp/start/unfsd.sh inactive
* /ffp/start/nfsd.sh inactive
* /ffp/start/ntpd.sh inactive
* /ffp/start/LOGIN.sh inactive
* /ffp/start/telnetd.sh ...
Starting /ffp/sbin/telnetd -l /ffp/bin/sh
* /ffp/start/sshd.sh inactive
* /ffp/start/rsyncd.sh inactive
* /ffp/start/mediatomb.sh inactive
* /ffp/start/kickwebs.sh inactive
* /ffp/start/lighttpd.sh inactive
* /ffp/start/inetd.sh inactive
*  OK

Here is a failed ffp startup from USB (original):

Code:

**** fun_plug script for DNS-323 (2008-04-13 tp@fonz.de) ****
Mon Oct  6 10:15:26 GMT 2008
Found usb-storage.ko module. Copying...
insmod usb-storage.ko
ln -snf /mnt/HD_a2/ffp /ffp
Waiting for ee750485-1b0a-414f-a32d-4c2f8d7f9e75 (up to 30 seconds) ...
/dev/sdc1: UUID="ee750485-1b0a-414f-a32d-4c2f8d7f9e75" TYPE="ext2" 
/dev/sdc1: UUID="ee750485-1b0a-414f-a32d-4c2f8d7f9e75" TYPE="ext2" 
Success. Found ee750485-1b0a-414f-a32d-4c2f8d7f9e75.
Mounting /dev/sdc1 on /mnt/USB
USB stick mounted
* Found FFP on USB device
ln -snf /mnt/USB/ffp /ffp
* Running /ffp/etc/rc ...
* /ffp/start/rcS.sh ...
utmp:x:22:
* /ffp/start/adjtimex.sh inactive
* /ffp/start/passwd.sh ...
Saving /etc/passwd to /etc/passwd.orig ...
Changing shells: /bin/sh -> /ffp/bin/sh ...
Updating /etc/shadow ...

Here is a failed ffp startup from HDD (known-good backup):

Code:

**** fun_plug script for DNS-323 (2008-04-13 tp@fonz.de) ****
Mon Oct  6 09:01:19 GMT 2008
ln -snf /mnt/HD_a2/ffp /ffp
* Running /ffp/etc/rc ...
* /ffp/start/rcS.sh ...
utmp:x:22:
* /ffp/start/adjtimex.sh inactive
* /ffp/start/passwd.sh ...
Saving /etc/passwd to /etc/passwd.orig ...
Changing shells: /bin/sh -> /ffp/bin/sh ...
Updating /etc/shadow ...

How is this possible?? Why are rcS.sh & passwd.sh being executed when they are not executable in the /mnt/HD_a2/ffp/start dir?  They are only executable in the /mnt/HD_a2/ffp_old/start dir!

Code:

/mnt/usb/ffp/start # ls -l
-rw-r--r--    1 root     root           52 Apr 19 05:26 LOGIN.sh
-rw-r--r--    1 root     root           36 Apr 19 05:26 SERVERS.sh
-rw-r--r--    1 root     root          698 Apr 19 05:26 adjtimex.sh
-rwxr-xr-x    1 root     root          381 Aug 14 16:42 editcron.sh
-rw-r--r--    1 root     root          203 Apr 19 04:11 inetd.sh
-rw-r--r--    1 root     root          229 Apr 15 06:06 kickwebs.sh
-rw-r--r--    1 root     root          223 Apr 15 06:06 lighttpd.sh
-rw-r--r--    1 root     root          267 Apr 15 06:52 mediatomb.sh
-rw-r--r--    1 root     root         1468 Apr 15 13:50 nfsd.sh
-rw-r--r--    1 root     root          526 Apr 15 09:00 ntpd.sh
-rwxr-xr-x    1 root     root          552 Apr 19 05:26 passwd.sh
-rw-r--r--    1 root     root          160 Apr 15 14:18 portmap.sh
-rwxr-xr-x    1 root     root          861 Apr 19 05:26 rcS.sh
-rw-r--r--    1 root     root          224 Apr 15 23:37 rsyncd.sh
-rwxr-xr-x    1 root     root          534 Apr 19 05:26 shells.sh
-rw-r--r--    1 root     root          971 Apr 14 13:19 sshd.sh
-rw-r--r--    1 root     root          398 Apr 19 04:11 syslogd.sh
-rwxr-xr-x    1 root     root          169 Apr 19 05:26 telnetd.sh
-rw-r--r--    1 root     root          998 Apr 16 13:33 unfsd.sh
-rw-r--r--    1 root     root         2064 Apr 19 05:26 usbdisk.sh
/mnt/usb/ffp/start # ls -l /mnt/HD_a2/ffp_old/start
-rw-r--r--    1 root     root           52 Apr 19 05:26 LOGIN.sh
-rw-r--r--    1 root     root           36 Apr 19 05:26 SERVERS.sh
-rw-r--r--    1 root     root          698 Apr 19 05:26 adjtimex.sh
-rw-r--r--    1 root     root          203 Apr 19 04:11 inetd.sh
-rw-r--r--    1 root     root          229 Apr 15 06:06 kickwebs.sh
-rw-r--r--    1 root     root          223 Apr 15 06:06 lighttpd.sh
-rw-r--r--    1 root     root          267 Apr 15 06:52 mediatomb.sh
-rw-r--r--    1 root     root         1468 Apr 15 13:50 nfsd.sh
-rw-r--r--    1 root     root          526 Apr 15 09:00 ntpd.sh
-rwxr-xr-x    1 root     root          552 Apr 19 05:26 passwd.sh
-rw-r--r--    1 root     root          160 Apr 15 14:18 portmap.sh
-rwxr-xr-x    1 root     root          861 Apr 19 05:26 rcS.sh
-rw-r--r--    1 root     root          224 Apr 15 23:37 rsyncd.sh
-rwxr-xr-x    1 root     root          534 Apr 19 05:26 shells.sh
-rw-r--r--    1 root     root          971 Apr 14 13:19 sshd.sh
-rw-r--r--    1 root     root          398 Apr 19 04:11 syslogd.sh
-rwxr-xr-x    1 root     root          169 Apr 19 05:26 telnetd.sh
-rw-r--r--    1 root     root          998 Apr 16 13:33 unfsd.sh
-rw-r--r--    1 root     root         2064 Apr 19 05:26 usbdisk.sh
/mnt/usb/ffp/start # ls -l /mnt/HD_a2/ffp/start
-rw-r--r--    1 root     root           52 Aug 17 06:29 LOGIN.sh
-rw-r--r--    1 root     root           35 Aug 17 06:29 SERVERS.sh
-rw-r--r--    1 root     root          203 Sep 29 11:45 inetd.sh
-rw-r--r--    1 root     root          229 Sep 30 03:19 kickwebs.sh
-rw-r--r--    1 root     root          223 Sep 30 03:19 lighttpd.sh
-rw-r--r--    1 root     root          267 Apr 15 06:52 mediatomb.sh
-rw-r--r--    1 root     root         1468 Apr 15 13:50 nfsd.sh
-rw-r--r--    1 root     root          526 Apr 15 09:00 ntpd.sh
-rw-r--r--    1 root     root          160 Apr 15 14:18 portmap.sh
-rw-r--r--    1 root     root          224 Sep 14 07:02 rsyncd.sh
-rw-r--r--    1 root     root          971 Sep 30 01:38 sshd.sh
-rw-r--r--    1 root     root          383 Sep 29 11:45 syslogd.sh
-rwxr-xr-x    1 root     root          169 Sep 29 11:45 telnetd.sh
-rw-r--r--    1 root     root          998 Apr 16 13:33 unfsd.sh

And finally, here is my last successful ffp startup using the original USB boot:

Code:

**** fun_plug script for DNS-323 (2008-04-13 tp@fonz.de) ****
Thu Aug 14 15:57:07 GMT 2008
Found usb-storage.ko module. Copying...
insmod usb-storage.ko
ln -snf /mnt/HD_a2/ffp /ffp
Waiting for ee750485-1b0a-414f-a32d-4c2f8d7f9e75 (up to 30 seconds) ...
/dev/sdc1: UUID="ee750485-1b0a-414f-a32d-4c2f8d7f9e75" TYPE="ext2" 
/dev/sdc1: UUID="ee750485-1b0a-414f-a32d-4c2f8d7f9e75" TYPE="ext2" 
Success. Found ee750485-1b0a-414f-a32d-4c2f8d7f9e75.
Mounting /dev/sdc1 on /mnt/USB
USB stick mounted
* Found FFP on USB device
ln -snf /mnt/USB/ffp /ffp
* Running /ffp/etc/rc ...
* /ffp/start/rcS.sh ...
* /ffp/start/adjtimex.sh inactive
* /ffp/start/passwd.sh ...
Saving /etc/passwd to /etc/passwd.orig ...
Changing shells: /bin/sh -> /ffp/bin/sh ...
Updating /etc/shadow ...
* /ffp/start/shells.sh ...
* /ffp/start/syslogd.sh inactive
* /ffp/start/SERVERS.sh inactive
* /ffp/start/usbdisk.sh inactive
* /ffp/start/portmap.sh inactive
* /ffp/start/unfsd.sh inactive
* /ffp/start/nfsd.sh inactive
* /ffp/start/ntpd.sh inactive
* /ffp/start/LOGIN.sh inactive
* /ffp/start/telnetd.sh ...
Starting /ffp/sbin/telnetd -l /ffp/bin/sh
* /ffp/start/sshd.sh inactive
* /ffp/start/rsyncd.sh inactive
* /ffp/start/mediatomb.sh inactive
* /ffp/start/kickwebs.sh inactive
* /ffp/start/lighttpd.sh inactive
* /ffp/start/inetd.sh inactive
*  OK

I do not know what utmp:x:22: means, or why it appears in the bad logs only.  I am quickly running out of ideas, and really hope someone knows a solution off the top of their head (or at least more troubleshooting ideas).  Some of the things I am considering:
- removing executables even though they shouldn't be accessed (this won't solve the ftp issue anyway)
- re-flashing firmware

Thanks in advance for helping me.  Until I get this sorted out I have pulled my second hard drive

edit: 4th issue resolved.

Last edited by halfsoul (2008-10-08 18:23:23)

Offline

 

#2 2008-10-07 21:26:06

fonz
Member / Developer
From: Berlin
Registered: 2007-02-06
Posts: 1716
Website

Re: FTP Broken and ffp woes

You most likely have a duplicate ftp user. This is not a problem with the recent ffp versions, but made early 0.5 hang at /ffp/start/passwd.sh (-> no telnet)
See http://dns323.kood.org/howto:ffp#the_root_user (pwck and grpck).

Offline

 

#3 2008-10-08 18:20:42

halfsoul
Member
Registered: 2008-01-28
Posts: 57

Re: FTP Broken and ffp woes

fonz wrote:

You most likely have a duplicate ftp user. This is not a problem with the recent ffp versions, but made early 0.5 hang at /ffp/start/passwd.sh (-> no telnet)
See http://dns323.kood.org/howto:ffp#the_root_user (pwck and grpck).

fonz, you're the man, thank you!

However, my ftp is still broken.  Any ideas on that front?

Thanks!

Offline

 

#4 2008-10-08 22:03:43

halfsoul
Member
Registered: 2008-01-28
Posts: 57

Re: FTP Broken and ffp woes

I finally took the relatively simple troubleshooting step of trying to access the DNS via FTP locally.  It too fails, although all the communication seems to be operating normally.  From the client log:

Code:

Status:    Connecting to 192.168.0.200:21...
Status:    Connection established, waiting for welcome message...
Response:    220---------- Welcome to Pure-FTPd [TLS] ----------
Response:    220-You are user number 1 of 10 allowed.
Response:    220-Local time is now 11:56. Server port: 21.
Response:    220 You will be disconnected after 2 minutes of inactivity.
Command:    USER anonymous
Response:    230 Anonymous user logged in
Command:    SYST
Response:    215 UNIX Type: L8
Command:    FEAT
Response:    211-Extensions supported:
Response:     EPRT
Response:     IDLE
Response:     MDTM
Response:     SIZE
Response:     REST STREAM
Response:     MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response:     MLSD
Response:     ESTP
Response:     PASV
Response:     EPSV
Response:     SPSV
Response:     ESTA
Response:     AUTH TLS
Response:     PBSZ
Response:     PROT
Response:    211 End.
Status:    Connected
Status:    Retrieving directory listing...
Command:    PWD
Response:    257 "/" is your current location
Command:    TYPE I
Response:    200 TYPE is now 8-bit binary
Command:    PASV
Response:    227 Entering Passive Mode (192,168,0,200,191,43)
Command:    LIST
Response:    150 Accepted data connection
Response:    226-ASCII
Response:    226-Options: -l 
Response:    226 0 matches total
Status:    Directory listing successful

The DNS is still passing nothing to the client as if the folder were empty (I assure you it is not).  What gives?? sad


Attachments:
Attachment Icon ftp-filezilla.PNG, Size: 8,632 bytes, Downloads: 235

Offline

 

#5 2008-10-09 21:49:09

halfsoul
Member
Registered: 2008-01-28
Posts: 57

Re: FTP Broken and ffp woes

FINALLY! Got it solved
OK, I'm going to try and break this down in case anyone has a similar issue in the future.  It seems the single-point failure I was seeking was fonz' original assessment: duplicate user entries.  I still don't fully understand:
a) How the duplicate user entry came to be in the first place, and
b) why removing the duplicate user didn't solve my problem the first time, or
c) why hard resets and firmware flashes didn't fix it either

How I figured it out: I observed that newly-created users worked just fine.  One thing I tried was to check the "All accounts" box when adding an ftp user, and was surprised to see three entries (attached):
ftp
testuser
anonymous

I was expecting only testuser and maybe anonymous, since I had deleted all other users and groups.  I had previously discovered that pure-ftpd uses an account called "ftp" for Anonymous access, and also remembered my 2nd Symptom (see original post).  With some more digging, I discovered that ftp account directory bindings are stored in /etc/passwd
Here is what mine contained:

Code:

/ # cat /etc/passwd
root:x:0:0:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
admin:x:500:500:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
nobody:x:501:501:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
ftp:x:95:95::/mnt/HD_a2/Media/Music/Indie:/bin/sh
testuser:x:502:502:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
ftp:*:95:95::/mnt/HD_a2/Media/Music/Indie:/bin/sh

At this point, I didn't know which ftp entry was the correct entry, so I guessed and used pwck to delete the second entry, then deleted the ftp user entry "ftp" via the web interface.  For some reason (undoubtedly related to me deleting the wrong duplicate entry), an ftp user still existed:

Code:

/ # cat /etc/passwd
root:x:0:0:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
admin:x:500:500:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
nobody:x:501:501:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
ftp:x:95:95::/home/ftp:/bin/sh
testuser:x:502:502:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh

I added the Anonymous ftp user via the web interface again, and sure enough: the ftp user was duplicated again:

Code:

/ # cat /etc/passwd
root:x:0:0:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
admin:x:500:500:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
nobody:x:501:501:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
ftp:x:95:95::/home/ftp:/bin/sh
testuser:x:502:502:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
ftp:*:95:95::/mnt/HD_a2/Media/Music/Indie:

This time I deleted the correct passwd entry and viola, the anonymous account is restored!

Code:

/ # pwck
duplicate password entry
delete line 'ftp:x:95:95::/home/ftp:/bin/sh'? y
user testuser: no group 502
user ftp: no group 95
pwck: the files have been updated

/ # cat /etc/passwd
root:x:0:0:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
admin:x:500:500:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
nobody:x:501:501:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
testuser:x:502:502:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
ftp:*:95:95::/mnt/HD_a2/Media/Music/Indie:

Now for what I hope will be the last two questions of this thread:
1) Since I checked the "All accounts" box when adding an ftp user as part of my troubleshooting, the root, admin, and nobody users have a default ftp directory associated with them.  Should I be concerned?  If so, what is the correct way to restore default?
2) Can someone please verify that my passwd entries are OK/normal, perhaps even be good enough to post an example of your own passwd file?


Attachments:
Attachment Icon allusers.PNG, Size: 14,688 bytes, Downloads: 246

Offline

 

#6 2008-10-09 23:02:57

fonz
Member / Developer
From: Berlin
Registered: 2007-02-06
Posts: 1716
Website

Re: FTP Broken and ffp woes

Wow. Thanks for investigating the issue that thoroughly. I've added a link to your analysis to http://dns323.kood.org/howto:ffp#troubleshooting . I think others will find it useful wink

1) Since I checked the "All accounts" box when adding an ftp user as part of my troubleshooting, the root, admin, and nobody users have a default ftp directory associated with them.  Should I be concerned?  If so, what is the correct way to restore default?

You can always use 'usermod -d' to adjust home directories. I've set all home directories to /mnt/HD_a2/home/<user> and never use the web interface (it's constantly asking to reformat, so I don't touch it). The tools in ffp should allow for complete user management without the help of the web interface.

2) Can someone please verify that my passwd entries are OK/normal, perhaps even be good enough to post an example of your own passwd file?

Looks ok to me. There's another file, /etc/shadow that stores encrypted passwords. There should be another line for each user (you can use pwconv to create missing entries).

Offline

 

#7 2008-10-13 20:03:16

halfsoul
Member
Registered: 2008-01-28
Posts: 57

Re: FTP Broken and ffp woes

I found a probable root cause.  After implementing OpenVPN, activating the root user, and enabling SSL, ftp ceased to work again.  I believe one of those three changed my user entries, because after making those changes my user definitions changed:

root@T4HDD:~# cat /etc/passwd
root:x:0:0:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/ffp/bin/sh
admin:x:500:500:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
nobody:x:501:501:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
ftp:x:95:95::/mnt/HD_a2/Media/Music/Indie:
sshd:x:33:33:sshd:/:/bin/false

(notice the x instead of a * in the ftp entry)

I made the correction (x to *) using vipw, and all was well again...

Code:

root@T4HDD:~# cat /etc/passwd
root:x:0:0:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/ffp/bin/sh
admin:x:500:500:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
nobody:x:501:501:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
ftp:*:95:95::/mnt/HD_a2/Media/Music/Indie:
sshd:x:33:33:sshd:/:/bin/false

...until a reboot.  Then the passwd reverted back to the non-anonymous configuration.  Made the correction once again, then wrote to flash using store-passwd.sh
Now a reboot does not affect the anonymous ftp account.  *whew*

I suspect the change occurred after creating the root password.


Attachments:
Attachment Icon ftp-anon_fix.PNG, Size: 20,945 bytes, Downloads: 254

Offline

 

Board footer

Powered by PunBB
© Copyright 2002–2010 PunBB