Discussion:
[Synalist] Synapse in Lazarus on Linux with user privileges not working.
Piotr Polok
2015-08-11 20:22:10 UTC
Permalink
Hi,

when I start Lazarus IDE from root account the PingSend.PingHost(host)
works properly, but when I start Lazarus IDE from user account the
PingSend.PingHost(host) gives all the time '-1' result.

Lazarus version: 1.4.2
FPC, FPC-SRC version: 2.6.4
Synapse version: 40
OS: Debina 8.1 on Oracle VM

please help in solving this problem.
Piort Polok

------------------------------------------------------------------------------
Marius Dalacu
2015-08-11 20:44:10 UTC
Permalink
That's because on Linux you must be root to send ping packets for users not to flood hosts with ping packets. It is a security thing. You can not bind to a port below 1024 as a normal user. 

-------- Original message --------
From: Piotr Polok <***@polok.pl>
Date: 11/08/2015 23:22 (GMT+02:00)
To: Ararat Synapse <synalist-***@lists.sourceforge.net>
Subject: [Synalist] Synapse in Lazarus on Linux with user privileges not working.

Hi,

when I start Lazarus IDE from root account the PingSend.PingHost(host)
works properly, but when I start Lazarus IDE from user account the
PingSend.PingHost(host) gives all the time '-1' result.

Lazarus version: 1.4.2
FPC, FPC-SRC version: 2.6.4
Synapse version: 40
OS: Debina 8.1 on Oracle VM

please help in solving this problem.
Piort Polok

------------------------------------------------------------------------------
Lukas Gebauer
2015-08-12 12:56:01 UTC
Permalink
It is worst! You need rights for RAW socket.

Similar situation is on Windows too, but Windows publish special API
for sending ping by non-admin users. Synapse can use it. But on Linux
I not know any special API.

Synapse documentation says:

Warning: For use of RAW sockets you must have some special rights on
some systems. So, it working allways when you have administator/root
rights. Otherwise you can have problems!
Post by Marius Dalacu
That's because on Linux you must be root to send ping packets for
users not to flood hosts with ping packets. It is a security thing.
You can not bind to a port below 1024 as a normal user. 
-------- Original message --------
Date: 11/08/2015 23:22 (GMT+02:00)
Subject: [Synalist] Synapse in Lazarus on Linux with user privileges
not working.
Hi,
when I start Lazarus IDE from root account the PingSend.PingHost(host)
works properly, but when I start Lazarus IDE from user account the
PingSend.PingHost(host) gives all the time '-1' result.
Lazarus version: 1.4.2
FPC, FPC-SRC version: 2.6.4
Synapse version: 40
OS: Debina 8.1 on Oracle VM
please help in solving this problem.
Piort Polok
----------------------------------------------------------------------
-------- _______________________________________________
https://lists.sourceforge.net/lists/listinfo/synalist-public
--
Lukas Gebauer.

http://synapse.ararat.cz/ - Ararat Synapse - TCP/IP Lib.
http://geoget.ararat.cz/ - Geocaching solution


------------------------------------------------------------------------------
Piotr Polok
2015-08-12 13:08:43 UTC
Permalink
Post by Lukas Gebauer
It is worst! You need rights for RAW socket.
Similar situation is on Windows too, but Windows publish special API
for sending ping by non-admin users. Synapse can use it. But on Linux
I not know any special API.
Warning: For use of RAW sockets you must have some special rights on
some systems. So, it working allways when you have administator/root
rights. Otherwise you can have problems!
Thank you for the reply,

I do not fully understand the situation, I just move code from Kylix do
Lazarus and it stop to work, also i'm able to ping from user shell
command ... ?
--
pozdrawiam
Piotr Polok

------------------------------------------------------------------------------
Michael Van Canneyt
2015-08-12 13:24:37 UTC
Permalink
Post by Piotr Polok
Post by Lukas Gebauer
It is worst! You need rights for RAW socket.
Similar situation is on Windows too, but Windows publish special API
for sending ping by non-admin users. Synapse can use it. But on Linux
I not know any special API.
Warning: For use of RAW sockets you must have some special rights on
some systems. So, it working allways when you have administator/root
rights. Otherwise you can have problems!
Thank you for the reply,
I do not fully understand the situation, I just move code from Kylix do
Lazarus and it stop to work, also i'm able to ping from user shell
command ... ?
The ping command is setuid root, so it executes as root:

ls -l /bin/ping
-rwsr-xr-x 1 root root 44168 May 7 2014 /bin/ping*

How it can work in kylix is beyond me, unless the kylix binary was setuid root as well.

Michael.
Piotr Polok
2015-08-12 14:14:36 UTC
Permalink
Post by Michael Van Canneyt
Post by Piotr Polok
Post by Lukas Gebauer
It is worst! You need rights for RAW socket.
Similar situation is on Windows too, but Windows publish special API
for sending ping by non-admin users. Synapse can use it. But on Linux
I not know any special API.
Warning: For use of RAW sockets you must have some special rights on
some systems. So, it working allways when you have administator/root
rights. Otherwise you can have problems!
Thank you for the reply,
I do not fully understand the situation, I just move code from Kylix
do Lazarus and it stop to work, also i'm able to ping from user shell
command ... ?
ls -l /bin/ping
-rwsr-xr-x 1 root root 44168 May 7 2014 /bin/ping*
How it can work in kylix is beyond me, unless the kylix binary was setuid root as well.
Hi,

you are right, my wrong, Kylix has the same problem, it's all about
permision.
--
pozdrawiam
Piotr Polok

------------------------------------------------------------------------------
Lukas Gebauer
2015-08-12 12:51:22 UTC
Permalink
http://synapse.ararat.cz/files/crypt/cryptlib-3.2.2.zip
I just checked, and it is the same I'm using, and is from late 2005.
I strongly suspect that a newer DLL would solve the problem.
Where can I get the "official" latest version?
Try this web:
https://www.cs.auckland.ac.nz/~pgut001/cryptlib/

Do not forget update DLL and interface PAS file from the downloaded
package.

It should work, if API was not changed between versions...
--
Lukas Gebauer.

http://synapse.ararat.cz/ - Ararat Synapse - TCP/IP Lib.
http://geoget.ararat.cz/ - Geocaching solution


------------------------------------------------------------------------------
Itzik Mintz
2015-08-12 13:23:29 UTC
Permalink
Hi,

I spent many many hours trying to convince Cryptlib to do SFTP.
There where many problems with the Cryptlib sources (I am not an expert in C and
the code is extremelly complicated).

Finally I solved it and you can read what I did in th eattached PDF.

You can also download the modified DLL from the following DropBox link.
https://dl.dropboxusercontent.com/u/9888741/cl32.dll

I hope it will work for you.

Regards,
Itzik MIntz
***@dvir.org.il



---------- Original Message ----------

Last night, one of the (Linux) webhosts where my app is used,
switched to OpenSSH 6.9, and now my (Windows desktop) app can not connect.

During Connect, OnStatus returns hr_Error with:
"10091,No algorithm compatible with the remote system's selection was
found :
curve25519-***@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1"

I'm using the code from "sftp.zip", downloaded from here:
http://synapse.ararat.cz/files/contrib/?S=M&view=details&showonly=
I did make some minor enhancements/additions.

I'm using the DLL from:
http://synapse.ararat.cz/files/crypt/cryptlib-3.2.2.zip
I just checked, and it is the same I'm using, and is from late 2005.

I strongly suspect that a newer DLL would solve the problem.
Where can I get the "official" latest version?
Thanks in advance! :)

P.S. My project started over a decade ago, using Indy, then a couple
of years ago I converted it to Synapse mainly so I could add SFTP
support. I was so impressed with Synapse, I've converted several
other Delphi projects to use it. :)
Thanks for all your hard work and gift to the Delphi community! :)


------------------------------------------------------------------------------
Loading...