From wr...@apache.org
Subject svn commit: r601174 - in /httpd/mod_ftp/trunk: include/mod_ftp.h modules/ftp/ftp_commands.c modules/ftp/mod_ftp.c
Date Wed, 05 Dec 2007 00:49:09 GMT
Author: wrowe
Date: Tue Dec  4 16:49:07 2007
New Revision: 601174

URL: http://svn.apache.org/viewvc?rev=601174&view=rev
Log:
Refine EPSV behavior and add a new directive, FTPEPSVIgnoreFamily,
which allows the user confronted by firewall NAT translation to
simply accept either AF IPv4 or IPv6 and listen on the client's
connected port.  Because some NATs are going to present an address
family other than the one the client believes it is using, this is
an important override to avoid firewall/routing/NAT issues.

Because EPSV never reports a desired IP address, it's a bad idea
for us to support any aspect of the FTPPASVbindaddr feature.


Modified:
    httpd/mod_ftp/trunk/include/mod_ftp.h
    httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c
    httpd/mod_ftp/trunk/modules/ftp/mod_ftp.c

Modified: httpd/mod_ftp/trunk/include/mod_ftp.h
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/include/mod_ftp.h?rev=601174&r1=601173&r2=601174&view=diff
==============================================================================
--- httpd/mod_ftp/trunk/include/mod_ftp.h (original)
+++ httpd/mod_ftp/trunk/include/mod_ftp.h Tue Dec  4 16:49:07 2007
@@ -225,18 +225,20 @@
 struct ftp_server_config
 {
     int enabled;
+    int options;
+    int implicit_ssl;
     int timeout_login;
     int timeout_idle;
     int timeout_data;
-    int max_login_attempts;
-    int implicit_ssl;
-    int options;
+    int active_min;
+    int active_max;
     int pasv_min;
     int pasv_max;
-    int data_block_size;
     char *pasv_addr;
     char *pasv_bindaddr;
     int pasv_bindfamily;
+    int epsv_ignore_family;
+    int data_block_size;
     const char *banner_message;
     int banner_message_isfile;
     const char *exit_message;
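Review bot: Reordering the existing members of `struct ftp_server_config` changes the layout of a struct declared in a header under include/, so anything compiled against the previous mod_ftp.h that touches these fields would read the wrong member until rebuilt. This hunk and the next one both do it: `options`, `implicit_ssl`, `max_login_attempts`, `active_min`/`active_max` and `data_block_size` all move. Whether out-of-tree consumers exist is not visible here; if they might, append the new member at the end of the struct instead, or record the layout change wherever the module tracks its API version. The new field is also undocumented; `int epsv_ignore_family; /* FTPEPSVIgnoreFamily: EPSV accepts either family argument */` would cover it. The struct begins before this hunk and continues past the next one.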
@@ -244,8 +246,7 @@
     const char *homedir;
     const char *docrootenv;
     int jailuser;
-    int active_min;
-    int active_max;
+    int max_login_attempts;
     int limit_peruser;
     int limit_perip;
     int limit_perserver;

Modified: httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c?rev=601174&r1=601173&r2=601174&view=diff
==============================================================================
--- httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c (original)
+++ httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c Tue Dec  4 16:49:07 2007
@@ -1499,7 +1499,29 @@
         return FTP_REPLY_COMMAND_OK;
     }
 
-    if (strcmp(arg, "1") == 0) {
+    /* Why don't pasv_bindaddr/bindfamily appear below?
+     * These directives provide an override which the client
+     * is informed of, while EPSV only informs the client of
+     * the port to use, not a family, and never an address.
+     * FTPEPSVIgnoreFamily should offer sufficient customization.
+     */
+    if (!*arg || ((arg[0] == '1' || arg[0] == '2') && !arg[1] 
+                      && fsc->epsv_ignore_family)) {
+#if APR_HAVE_IPV6
+        if (c->local_addr->family == AF_INET6 &&
+                 IN6_IS_ADDR_V4MAPPED((struct in6_addr *)
+                                      c->local_addr->ipaddr_ptr)) {
+            /* httpd assures us local_ip is in ipv4 notation for mapped addrs */
+            addr = c->local_ip;
+            family = APR_INET;
+        }
+#endif
+        else {
+            addr = c->local_ip;
+            family = c->local_addr->family;
+        }
+    }
+    else if (arg[0] == '1' && !arg[1]) {
         if (c->local_addr->family == AF_INET
 #if APR_HAVE_IPV6
             || (c->local_addr->family == AF_INET6 &&
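Review bot: The new first branch does not compile when APR_HAVE_IPV6 is 0. The `if (... IN6_IS_ADDR_V4MAPPED ...)` block is inside `#if APR_HAVE_IPV6` … `#endif`, but the `else {` after it is outside the guard, so a build without IPv6 is left with an `else` that has no `if`. The removed code avoided this because its guarded part was an `else if` hanging off `if (fsc->pasv_bindaddr)`. Keep the fallback unconditional by ending the guarded part with `else` and moving `#endif` below it, so the tail reads `else`, `#endif`, `{`. The enclosing function begins and ends outside this hunk.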
@@ -1515,8 +1537,8 @@
             return FTP_REPLY_BAD_PROTOCOL;
         }
     }
-    else if (strcmp(arg, "2") == 0) {
 #if APR_HAVE_IPV6
+    else if (arg[0] == '2' && !arg[1]) {
         family = AF_INET6;
         if (c->local_addr->family == AF_INET6 &&
             IN6_IS_ADDR_V4MAPPED((struct in6_addr *)
@@ -1530,30 +1552,11 @@
             family = AF_INET6;
         }
         else
-#endif
         {
             return FTP_REPLY_BAD_PROTOCOL;
         }
     }
-    else if (!*arg) {
-        if (fsc->pasv_bindaddr) {
-            addr = fsc->pasv_bindaddr;
-            family = fsc->pasv_bindfamily;
-        }
-#if APR_HAVE_IPV6
-        else if (c->local_addr->family == AF_INET6 &&
-                 IN6_IS_ADDR_V4MAPPED((struct in6_addr *)
-                                      c->local_addr->ipaddr_ptr)) {
-            /* httpd assures us local_ip is in ipv4 notation for mapped addrs */
-            addr = c->local_ip;
-            family = APR_INET;
-        }
 #endif
-        else {
-            addr = c->local_ip;
-            family = c->local_addr->family;
-        }
-    }
     else {
         return FTP_REPLY_BAD_PROTOCOL;
     }

Modified: httpd/mod_ftp/trunk/modules/ftp/mod_ftp.c
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/modules/ftp/mod_ftp.c?rev=601174&r1=601173&r2=601174&view=diff
==============================================================================
--- httpd/mod_ftp/trunk/modules/ftp/mod_ftp.c (original)
+++ httpd/mod_ftp/trunk/modules/ftp/mod_ftp.c Tue Dec  4 16:49:07 2007
@@ -836,6 +836,14 @@
     return NULL;
 }
 
+AP_DECLARE(const char *) ftp_epsv_ignore_family(cmd_parms *cmd, void *dummy,
+                                                int flag)
+{
+    ftp_server_config *fsc = ftp_get_module_config(cmd->server->module_config);
+    fsc->epsv_ignore_family = flag;
+    return NULL;
+}
+
 /*
  * Setup command table
  */
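Review bot: `epsv_ignore_family` is set in this handler, but the commit's two mod_ftp.c hunks add no default and no merge handling for it. Assuming the server config has create and merge functions that treat members one by one, a virtual host would not inherit a global `FTPEPSVIgnoreFamily On`, and the unset value would depend on how the struct is allocated. Those functions are outside the hunk, so this needs confirming; if they do work that way, add `fsc->epsv_ignore_family = 0;` to the create function and carry the field through the merge function. A comment above the handler would also help, e.g. `/* FTPEPSVIgnoreFamily On|Off: EPSV 1 / EPSV 2 listen on the control connection's own address family */`, since `dummy` is unused and the flag's effect is only visible in ftp_commands.c.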
@@ -874,6 +882,10 @@
                   "address for the data channel"),
     AP_INIT_TAKE2("FTPPASVrange", ftp_set_pasv_range, NULL, RSRC_CONF,
                   "Set the allowed PASV port range"),
+    AP_INIT_FLAG("FTPEPSVIgnoreFamily", ftp_epsv_ignore_family,
+                 NULL, RSRC_CONF, \
+                 "Instructs EPSV handler to ignore the requested IPv4 or IPv6"
+                 " address family (to accomodate network translation)"), 
     AP_INIT_TAKE1("FTPBannerMessage", ftp_set_banner_message, NULL, RSRC_CONF,
                   "Set initial login message"),
     AP_INIT_TAKE1("FTPExitMessage", ftp_set_exit_message, NULL, RSRC_CONF,
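Review bot: The added `FTPEPSVIgnoreFamily` entry has a stray line-continuation backslash after `RSRC_CONF,` and misspells "accommodate" in the directive's help string. The backslash is harmless only while nothing follows it on the line, and the neighbouring entries do not use one. Write `NULL, RSRC_CONF,` and `" address family (to accommodate network translation)"),` instead. The command table starts and ends outside the hunk.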


