Subject: svn commit: r609888 - in /httpd/mod_ftp/trunk: CHANGES-FTP STATUS-FTP include/mod_ftp.h modules/ftp/ftp_commands.c modules/ftp/ftp_util.c modules/ftp/mod_ftp.c
Date: Tue, 08 Jan 2008 06:37:58 -0000
To: cvs@httpd.apache.org
From: wrowe@apache.org
Message-Id: <20080108063759.199BC1A9896@eris.apache.org>

Author: wrowe
Date: Mon Jan 7 22:37:57 2008
New Revision: 609888

URL: http://svn.apache.org/viewvc?rev=609888&view=rev
Log:
Introduce virtual hosts, using FTPOptions VirtualHostByUser which will take the virtual host name from the username@hostname if provided. It will match the first vhost (as with http) when there is no hostname provided or no host names or aliases match. The corresponding option FTPOptions StripHostname presents only 'user' of 'user@hostname' to the authentication modules, otherwise the full USER text is passed to the authentication modules.

Modified:
    httpd/mod_ftp/trunk/CHANGES-FTP
    httpd/mod_ftp/trunk/STATUS-FTP
    httpd/mod_ftp/trunk/include/mod_ftp.h
    httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c
    httpd/mod_ftp/trunk/modules/ftp/ftp_util.c
    httpd/mod_ftp/trunk/modules/ftp/mod_ftp.c

Modified: httpd/mod_ftp/trunk/CHANGES-FTP
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/CHANGES-FTP?rev=609888&r1=609887&r2=609888&view=diff
==============================================================================
--- httpd/mod_ftp/trunk/CHANGES-FTP (original)
+++ httpd/mod_ftp/trunk/CHANGES-FTP Mon Jan 7 22:37:57 2008
@@ -1,5 +1,16 @@ Changes in 0.9.2: + *) Introduce virtual hosts, using FTPOptions VirtualHostByUser which will + take the virtual host name from the username@hostname if provided. + It will match the first vhost (as with http) when there is no hostname + provided or no host names or aliases match. The corresponding option + FTPOptions StripHostname will present only 'user' of 'user@hostname' + to the authentication modules. [William Rowe] + + *) Ensure requests are processed with an r->status of HTTP_OK, as a number + of facilities will fail when presented with an error status. + [William Rowe] + *) Move the ftp_connection from r->request_config, where it never belonged, into the c->conn_config where its scope matches the lifetime of the conn. [William Rowe] Modified: httpd/mod_ftp/trunk/STATUS-FTP URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/STATUS-FTP?rev=609888&r1=609887&r2=609888&view=diff ============================================================================== --- httpd/mod_ftp/trunk/STATUS-FTP (original) +++ httpd/mod_ftp/trunk/STATUS-FTP Mon Jan 7 22:37:57 2008 @@ -56,9 +56,6 @@ * Implement AUTH GSSAPI/ADAT commands from RFC2228 Appendix I. - * Process named virtual hosts based on USER foo@hostname syntax - (stripping @hostname prior to user-auth processing). - * Create a parent worker, servicing root port configurations of active/passive sockets, as a unix domain socket-based allocator. It needs to be expecially strict about comparing the requested Modified: httpd/mod_ftp/trunk/include/mod_ftp.h URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/include/mod_ftp.h?rev=609888&r1=609887&r2=609888&view=diff ============================================================================== --- httpd/mod_ftp/trunk/include/mod_ftp.h (original) +++ httpd/mod_ftp/trunk/include/mod_ftp.h Mon Jan 7 22:37:57 2008 
@@ -174,8 +174,10 @@ #define FTP_OPT_CREATEHOMEDIRS (1 << 5) /* Create home dirs on the fly */ #define FTP_OPT_SHOWUNAUTH (1 << 6) /* Show unauthorized files in LIST */ #define FTP_OPT_LISTISNLST (1 << 7) /* Maps LiST directly to NLST */ -#define FTP_OPT_ALLOWPROXYPORT (1 << 8) /* Allow PORT connections other than client's */ -#define FTP_OPT_ALLOWPROXYPASV (1 << 9) /* Allow PASV connections other than client's */ +#define FTP_OPT_ALLOWPROXYPORT (1 << 8) /* Data connect to other than client */ +#define FTP_OPT_ALLOWPROXYPASV (1 << 9) /* Data listens to other than client */ +#define FTP_OPT_VHOST_BY_USER (1 << 10) /* Parse USER for @hostname vhost */ +#define FTP_OPT_STRIP_HOSTNAME (1 << 11) /* Strip @hostname from username */ /* Supported FTP AUTH mechanisms. */ #define FTP_AUTH_NONE 0 @@ -288,6 +290,7 @@ /* User information */ apr_pool_t *login_pool; /* Child of c->pool reset on every USER cmd */ int logged_in; + const char *host; const char *user; const char *authorization; int login_attempts; Modified: httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c?rev=609888&r1=609887&r2=609888&view=diff ============================================================================== --- httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c (original) +++ httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c Mon Jan 7 22:37:57 2008 @@ -2699,6 +2699,10 @@ conn_rec *c = r->connection; ftp_server_config *fsc = ftp_get_module_config(r->server->module_config); + apr_time_t prev_timeout; + apr_status_t rv; + char *username; + char *hostname; /* Implicit logout */ if (fc->logged_in) { 
@@ -2707,12 +2711,55 @@ fc->logged_in = 0; r->server = fc->orig_server = c->base_server; r->per_dir_config = r->server->lookup_defaults; + r->hostname = fc->host = NULL; apr_pool_clear(fc->login_pool); - fc->user = apr_pstrdup(fc->login_pool, arg); + fc->user = username = apr_pstrdup(fc->login_pool, arg); + + /* Identify virtual host (user@{hostname}) for named vhost lookup, + * and split from user name if so configured. + */ + if ((hostname = ap_strchr(username, '@')) != NULL) + { + /* Toggle to the Host:-based vhost's timeout mode to process + * this login request + */ + if (fsc->options & FTP_OPT_VHOST_BY_USER) + { + r->hostname = hostname + 1; + + ap_update_vhost_from_headers(r); + + fc->host = r->hostname; + fc->orig_server = r->server; + } + } + + /* we may have switched to another server */ + fsc = ftp_get_module_config(r->server->module_config); + r->per_dir_config = r->server->lookup_defaults; + + /* Now that we switched virtual hosts, it's time to determine if the + * username fc->user's "@{hostname}" should be discarded + */ + if ((hostname != NULL) && (fsc->options & FTP_OPT_STRIP_HOSTNAME)) + *hostname = '\0'; + + /* We have nominally 'logged out', and also potentially changed + * virtual host contexts; reset to the proper timeout_login + */ + rv = apr_socket_timeout_get(fc->cntlsock, &prev_timeout); + if (rv != APR_SUCCESS || prev_timeout != fsc->timeout_login) { + rv = apr_socket_timeout_set(fc->cntlsock, + fsc->timeout_login * APR_USEC_PER_SEC); + if (rv != APR_SUCCESS) + ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, r->server, + "Couldn't set SO_TIMEOUT socket option"); + } if ((fsc->options & FTP_OPT_REQUIRESSL) && !fc->is_secure) { + r->hostname = fc->host = NULL; fc->user = ftp_unknown_username; r->server = fc->orig_server = c->base_server; r->per_dir_config = r->server->lookup_defaults; 
@@ -2722,8 +2769,12 @@ return FTP_REPLY_NOT_LOGGED_IN; } + /* TODO: these should really be configurable */ if ((strcmp(fc->user, "anonymous") == 0) || - strcmp(fc->user, "guest") == 0) { + (strncmp(fc->user, "anonymous@", 10) == 0) || + (strcmp(fc->user, "guest") == 0) || + (strncmp(fc->user, "guest@", 6) == 0)) + { fc->response_notes = apr_pstrdup(r->pool, "Guest login ok, type your email " "address as the password"); Modified: httpd/mod_ftp/trunk/modules/ftp/ftp_util.c URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/modules/ftp/ftp_util.c?rev=609888&r1=609887&r2=609888&view=diff ============================================================================== --- httpd/mod_ftp/trunk/modules/ftp/ftp_util.c (original) +++ httpd/mod_ftp/trunk/modules/ftp/ftp_util.c Mon Jan 7 22:37:57 2008 @@ -417,8 +417,10 @@ void ftp_set_authorization(request_rec *r) { ftp_connection *fc = ftp_get_module_config(r->connection->conn_config); + r->hostname = apr_pstrdup(r->pool, fc->host); r->user = apr_pstrdup(r->pool, fc->user); - apr_table_setn(r->headers_in, "Authorization", fc->authorization); + apr_table_setn(r->headers_in, "Host", r->hostname); + apr_table_setn(r->headers_in, "Authorization", r->user); } /* ftp_set_uri: Setup r->uri based on a file argument and user's Modified: httpd/mod_ftp/trunk/modules/ftp/mod_ftp.c URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/modules/ftp/mod_ftp.c?rev=609888&r1=609887&r2=609888&view=diff ============================================================================== --- httpd/mod_ftp/trunk/modules/ftp/mod_ftp.c (original) +++ httpd/mod_ftp/trunk/modules/ftp/mod_ftp.c Mon Jan 7 22:37:57 2008 
@@ -536,6 +536,12 @@ else if (!strcasecmp(op, "AllowProxyPASV")) { opt_mask = FTP_OPT_ALLOWPROXYPASV; } + else if (!strcasecmp(op, "VirtualHostByUser")) { + opt_mask = FTP_OPT_VHOST_BY_USER; + } + else if (!strcasecmp(op, "StripHostname")) { + opt_mask = FTP_OPT_STRIP_HOSTNAME; + } else { return apr_pstrcat(cmd->pool, "Illegal FTPOption ", op, NULL); }
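
Review bot: In the USER handler hunk of ftp_commands.c (@@ -2707,12 +2711,55 @@), the FTP_OPT_VHOST_BY_USER branch feeds the client-supplied text after '@' into r->hostname and then assigns fc->host and fc->orig_server from the result without checking whether ap_update_vhost_from_headers(r) accepted the name, and this happens before any authentication. Check the request state after the call and fall back to c->base_server on a rejected name, and store fc->host as an apr_pstrdup() into fc->login_pool so it does not depend on whatever storage r->hostname points at, since ftp_set_authorization() reads fc->host again on later requests. Separately, in the same hunk the test prev_timeout != fsc->timeout_login compares the value from apr_socket_timeout_get() with a setting that the next line multiplies by APR_USEC_PER_SEC, so the two are in different units and the comparison will not match for a non-zero timeout; compare against fsc->timeout_login * APR_USEC_PER_SEC. ap_strchr() also splits at the first '@', which changes the meaning of user names that themselves contain '@'; say in the comment which '@' is intended.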
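
Review bot: In the guest-login hunk of ftp_commands.c (@@ -2722,8 +2769,12 @@), the new strncmp() tests for "anonymous@" and "guest@" apply whether or not VirtualHostByUser or StripHostname is enabled, so on a server that does not interpret the @hostname part a literal user name starting with "guest@" still gets the guest prompt. Gate the prefix tests on the options, or compare the user part once using the hostname pointer already computed earlier in the function, and replace the hard-coded lengths 10 and 6 with sizeof-based values so the literals and lengths cannot drift apart.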
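
Review bot: In ftp_set_authorization() (ftp_util.c, @@ -417,8 +417,10 @@), the Authorization header is now set to r->user where it was previously set to fc->authorization, so any consumer of headers_in sees the bare user name instead of the stored authorization value; nothing in the log message describes this, and it looks like an accidental substitution, so keep fc->authorization there. In the same hunk fc->host is NULL whenever the USER argument had no @hostname or VirtualHostByUser is off (the USER handler resets it with r->hostname = fc->host = NULL and only assigns it inside the FTP_OPT_VHOST_BY_USER branch), which makes apr_pstrdup() return NULL and stores a NULL value under "Host"; set the Host header only when fc->host is non-NULL.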