Subject: svn commit: r779851 - in /httpd/mod_ftp/trunk: CHANGES-FTP STATUS-FTP modules/ftp/config.m4 modules/ftp/ftp_commands.c modules/ftp/mod_ftp.c modules/ftp/modules.mk.apxs
Date: Fri, 29 May 2009 05:54:52 -0000
To: cvs@httpd.apache.org
From: wrowe@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20090529055452.F3CCB2388873@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: wrowe Date: Fri May 29 05:54:52 2009 New Revision: 779851 URL: http://svn.apache.org/viewvc?rev=779851&view=rev Log: Enable the low-numbered-port daemon for originating from FTPActiveRange < 1024. Modified: httpd/mod_ftp/trunk/CHANGES-FTP httpd/mod_ftp/trunk/STATUS-FTP httpd/mod_ftp/trunk/modules/ftp/config.m4 httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c httpd/mod_ftp/trunk/modules/ftp/mod_ftp.c httpd/mod_ftp/trunk/modules/ftp/modules.mk.apxs Modified: httpd/mod_ftp/trunk/CHANGES-FTP URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/CHANGES-FTP?rev=779851&r1=779850&r2=779851&view=diff ============================================================================== --- httpd/mod_ftp/trunk/CHANGES-FTP (original) +++ httpd/mod_ftp/trunk/CHANGES-FTP Fri May 29 05:54:52 2009 @@ -1,5 +1,9 @@ Changes in 0.9.3: + *) Added a low-numbered port (<1024) daemon process which serves such + low numbered FTPActiveRange origin port bindings. + [William Rowe] + *) FTPLimit* values no longer shared among all Vhosts. [Jim Jagielski] Modified: httpd/mod_ftp/trunk/STATUS-FTP URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/STATUS-FTP?rev=779851&r1=779850&r2=779851&view=diff ============================================================================== --- httpd/mod_ftp/trunk/STATUS-FTP (original) +++ httpd/mod_ftp/trunk/STATUS-FTP Fri May 29 05:54:52 2009 @@ -38,10 +38,6 @@ RELEASE SHOWSTOPPERS: - * include/mod_ftp.h clearly needs refactoring of public and private - interfaces to mod_ftp, and appropriate declarations for those that - will remain public. Perhaps private declarations should be moved - to modules/ftp/ftp_private.h and out of include/ altogether. CURRENT RELEASE NOTES: 
@@ -51,6 +47,9 @@ Note many IPv4-only NAT routers appear to ignore EPRT commands, even as they would fix up NAT addresses from PORT commands. + * Extra attention should be paid to PORT and EPRT connections, especially + when assigned low numbered ports, e.g. FTPActiveRange 20 + CURRENT VOTES: @@ -60,12 +59,6 @@ * Implement AUTH GSSAPI/ADAT commands from RFC2228 Appendix I. - * Create a parent worker, servicing root port configurations of - active/passive sockets, as a unix domain socket-based allocator. - It needs to be expecially strict about comparing the requested - allocation to the server configurations, which are shared from - the parent to this worker, and with the children. - * For in-tree builds, extending config_vars.mk with our local [exp_]ftpdocsdir and installing that tree. Modified: httpd/mod_ftp/trunk/modules/ftp/config.m4 URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/modules/ftp/config.m4?rev=779851&r1=779850&r2=779851&view=diff ============================================================================== --- httpd/mod_ftp/trunk/modules/ftp/config.m4 (original) +++ httpd/mod_ftp/trunk/modules/ftp/config.m4 Fri May 29 05:54:52 2009 @@ -31,7 +31,9 @@ ftp_protocol.lo dnl ftp_request.lo dnl ftp_util.lo dnl +ftp_lowportd.lo dnl " + dnl # hook module into the Autoconf mechanism (--enable-ftp option) APACHE_MODULE(ftp, [FTP Protocol support (mod_ftp)], $ftp_objs, , no, [ AC_CHECK_FUNCS(fchmod) Modified: httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c?rev=779851&r1=779850&r2=779851&view=diff ============================================================================== --- httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c (original) +++ httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c Fri May 29 05:54:52 2009 
@@ -1761,63 +1761,70 @@ local_port, 0, fc->data_pool); if (!sa || rv) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, rv, r, - "Couldn't resolve explicit local socket address" - " %s (apr or socket stack bug?) Retrying", - c->local_ip); + "Couldn't resolve explicit local socket address %s " + "(apr or socket stack bug?) Retrying", c->local_ip); rv = apr_sockaddr_info_get(&sa, NULL, APR_INET, local_port, 0, fc->data_pool); } if (!sa || rv) { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, - "Couldn't resolve emphemeral local socket address" - " (apr or socket stack bug?) Giving up"); + "Couldn't resolve emphemeral local socket address " + "(apr or socket stack bug?) Giving up"); apr_socket_close(s); return FTP_REPLY_CANNOT_OPEN_DATACONN; } } +#if APR_HAVE_SYS_UN_H + if ((local_port > 0) && (local_port < 1024)) { + /* + * Here's the case of low numbered port creation; we have spun off + * a worker to serve socket fd's through a unix domain socket via the + * ftp_request_lowport client. + */ + rv = ftp_request_lowport(&s, r, sa, fc->data_pool); + + if (rv != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, + "Request socket failed from FTP low port daemon"); + return FTP_REPLY_CANNOT_OPEN_DATACONN; + } + } + else +#endif + { #if APR_MAJOR_VERSION < 1 - rv = apr_socket_create_ex(&s, family, SOCK_STREAM, APR_PROTO_TCP, - fc->data_pool); + rv = apr_socket_create_ex(&s, family, SOCK_STREAM, APR_PROTO_TCP, + fc->data_pool); #else - rv = apr_socket_create(&s, family, SOCK_STREAM, APR_PROTO_TCP, - fc->data_pool); + rv = apr_socket_create(&s, family, SOCK_STREAM, APR_PROTO_TCP, + fc->data_pool); #endif - if (rv != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_ERR, rv, r->server, - "Couldn't create socket"); - return FTP_REPLY_CANNOT_OPEN_DATACONN; - } + if (rv != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, + "Couldn't create socket"); + return FTP_REPLY_CANNOT_OPEN_DATACONN; + } - apr_socket_opt_set(s, APR_SO_REUSEADDR, 1); + apr_socket_opt_set(s, 
APR_SO_REUSEADDR, 1); -#if 0 - if ((fsc->active_min != -1) && (fsc->active_min < 1024)) { - /* - * Here's the case of low numbered port creation; the only way to - * accomplish this is either grant the apache user/group the right to - * bind to low numbered ports, or to have the parent running as root - * spin off socket fd's through a domain socket to all interested ftp - * worker processes. - */ - } - else -#endif rv = apr_socket_bind(s, sa); - if (rv != APR_SUCCESS) { + if (rv != APR_SUCCESS) { #ifdef EACCES - if (sa->port < 1024 && rv == EACCES) - ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, - "Couldn't bind to low numbered port (<1024)"); - else + if (sa->port < 1024 && rv == EACCES) + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, + "Couldn't bind to low numbered port (<1024). " + "See FTPActiveRange directive"); + else #endif - ap_log_error(APLOG_MARK, APLOG_ERR, rv, r->server, - "Couldn't bind to socket"); - apr_socket_close(s); - return FTP_REPLY_CANNOT_OPEN_DATACONN; + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, + "Couldn't bind to socket"); + apr_socket_close(s); + return FTP_REPLY_CANNOT_OPEN_DATACONN; + } } *sa_rv = sa; Modified: httpd/mod_ftp/trunk/modules/ftp/mod_ftp.c URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/modules/ftp/mod_ftp.c?rev=779851&r1=779850&r2=779851&view=diff ============================================================================== --- httpd/mod_ftp/trunk/modules/ftp/mod_ftp.c (original) +++ httpd/mod_ftp/trunk/modules/ftp/mod_ftp.c Fri May 29 05:54:52 2009 @@ -69,7 +69,11 @@ log_pfn_register(p, "Y", ftp_log_auth_user_id, 0); } +#if APR_HAVE_SYS_UN_H + return lowportd_pre_config(p, plog, ptemp); +#else return OK; +#endif } @@ -78,6 +82,7 @@ { server_rec *base = s; ftp_server_config *basefsc = ftp_get_module_config(s->module_config); + int lowportd = 0; ap_add_version_component(p, FTP_SERVER_STRING); 
@@ -102,6 +107,8 @@ if (fsc->active_min == FTP_UNSPEC) fsc->active_min = fsc->active_max = -1; + else if (fsc->active_min < 1024) + lowportd = 1; if (fsc->pasv_min == FTP_UNSPEC) fsc->pasv_min = fsc->pasv_max = 0; @@ -129,7 +136,14 @@ apr_pool_cleanup_register(p, base, ftp_mutexdb_cleanup, apr_pool_cleanup_null); - return OK; + +#if APR_HAVE_SYS_UN_H + if (lowportd) + /* Initialized only if a server has at least one active_min < 1024 */ + return lowportd_post_config(p, plog, ptemp, base); + else +#endif + return OK; } static void ftp_child_init(apr_pool_t *p, server_rec *s) @@ -836,6 +850,9 @@ * Setup command table */ static const command_rec ftp_cmds[] = { + AP_INIT_TAKE1("FTPLowPortSock", lowportd_set_socket, NULL, RSRC_CONF, + "name of the socket to use for creating low-numbered-port " + "connections from ftp (global only)"), AP_INIT_FLAG("FTP", ftp_enable, NULL, RSRC_CONF, "Run an FTP server on this host"), AP_INIT_TAKE1("FTPTimeoutLogin", ftp_set_int_slot, Modified: httpd/mod_ftp/trunk/modules/ftp/modules.mk.apxs URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/modules/ftp/modules.mk.apxs?rev=779851&r1=779850&r2=779851&view=diff ============================================================================== --- httpd/mod_ftp/trunk/modules/ftp/modules.mk.apxs (original) +++ httpd/mod_ftp/trunk/modules/ftp/modules.mk.apxs Fri May 29 05:54:52 2009 
@@ -1,5 +1,5 @@ -mod_ftp.la: mod_ftp.slo ftp_commands.slo ftp_connection.slo ftp_data_connection.slo ftp_data_filters.slo ftp_filters.slo ftp_inet_pton.slo ftp_limitlogin.slo ftp_log.slo ftp_message.slo ftp_protocol.slo ftp_request.slo ftp_util.slo - $(SH_LINK) -rpath $(libexecdir) -module -avoid-version mod_ftp.lo ftp_commands.lo ftp_connection.lo ftp_data_connection.lo ftp_data_filters.lo ftp_filters.lo ftp_inet_pton.lo ftp_limitlogin.lo ftp_log.lo ftp_message.lo ftp_protocol.lo ftp_request.lo ftp_util.lo +mod_ftp.la: mod_ftp.slo ftp_commands.slo ftp_connection.slo ftp_data_connection.slo ftp_data_filters.slo ftp_filters.slo ftp_inet_pton.slo ftp_limitlogin.slo ftp_log.slo ftp_message.slo ftp_protocol.slo ftp_request.slo ftp_util.slo ftp_lowportd.slo + $(SH_LINK) -rpath $(libexecdir) -module -avoid-version mod_ftp.lo ftp_commands.lo ftp_connection.lo ftp_data_connection.lo ftp_data_filters.lo ftp_filters.lo ftp_inet_pton.lo ftp_limitlogin.lo ftp_log.lo ftp_message.lo ftp_protocol.lo ftp_request.lo ftp_util.lo ftp_lowportd.lo mod_ftp_cmd_pwd.la: mod_ftp.la mod_ftp_cmd_pwd.slo $(SH_LINK) -rpath $(libexecdir) -module -avoid-version mod_ftp_cmd_pwd.lo DISTCLEAN_TARGETS = modules.mk
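Review bot: In STATUS-FTP, the first hunk drops the RELEASE SHOWSTOPPERS entry about refactoring include/mod_ftp.h, which the log message does not mention and nothing in this diff addresses; either restore it or explain the removal in the log. The last hunk also deletes the TODO that said the worker "needs to be expecially strict about comparing the requested allocation to the server configurations". That requirement is the security contract of the new daemon, and the replacement release note ("Extra attention should be paid to PORT and EPRT connections") does not state it. Suggest keeping the requirement in the release notes in concrete form: the daemon only binds ports inside the configured FTPActiveRange.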
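Review bot: The config.m4 and modules.mk.apxs hunks add ftp_lowportd.lo and ftp_lowportd.slo to the build, and the C hunks call ftp_request_lowport, lowportd_pre_config, lowportd_post_config and lowportd_set_socket, but the Modified list contains no ftp_lowportd.c and no header change declaring those functions. If the source file and prototypes went in under a separate revision, reference it in the log; otherwise this revision will not build on its own.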
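Review bot: In the ftp_commands.c hunk, the new low-port branch hands the caller-derived sa straight to ftp_request_lowport(&s, r, sa, fc->data_pool), and nothing visible here restricts which port or address a child may ask the privileged daemon to bind. Since the child is the less trusted side, the daemon must re-check the requested port against the configured FTPActiveRange rather than rely on this call site; a comment at the call stating that the check lives in the daemon would help. Two smaller points in the same hunk: the failure path after ftp_request_lowport returns without closing s, so the helper must guarantee s is left unset on error, and the unchanged "Giving up" path calls apr_socket_close(s) before any socket creation visible in this hunk, so confirm s is valid there.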
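Review bot: In the mod_ftp.c post_config hunks, "else if (fsc->active_min < 1024) lowportd = 1;" has no lower bound, while the runtime check in ftp_commands.c is "(local_port > 0) && (local_port < 1024)". A configured active_min of 0 or a negative value other than FTP_UNSPEC would start the privileged daemon even though no request will ever use it; suggest testing "fsc->active_min > 0 && fsc->active_min < 1024" so both sides agree. Also, the "if (lowportd) ... else" that ends at "#endif return OK;" spans a preprocessor boundary without braces and with a comment between the condition and its statement; bracing both arms would make it harder to break in a later edit.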
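Review bot: In the command table hunk, FTPLowPortSock is documented as "(global only)" but registered with RSRC_CONF, which also allows the directive inside a virtual host. Unless lowportd_set_socket calls ap_check_cmd_context(cmd, GLOBAL_ONLY), a per-vhost setting will be accepted silently. The directive is also registered unconditionally, while every other lowportd reference in this file sits under "#if APR_HAVE_SYS_UN_H"; guard the entry the same way or the table will reference an undefined handler on platforms without unix domain sockets. The help text should say where the socket is expected to live and who may connect to it, since any process that can reach it can request low-port sockets.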