Posted to cvs@httpd.apache.org by wr...@apache.org on 2009/05/29 07:54:52 UTC
svn commit: r779851 - in /httpd/mod_ftp/trunk: CHANGES-FTP STATUS-FTP
modules/ftp/config.m4 modules/ftp/ftp_commands.c modules/ftp/mod_ftp.c
modules/ftp/modules.mk.apxs
Author: wrowe
Date: Fri May 29 05:54:52 2009
New Revision: 779851
URL: http://svn.apache.org/viewvc?rev=779851&view=rev
Log:
Enable the low-numbered-port daemon for originating from FTPActiveRange < 1024.
Modified:
httpd/mod_ftp/trunk/CHANGES-FTP
httpd/mod_ftp/trunk/STATUS-FTP
httpd/mod_ftp/trunk/modules/ftp/config.m4
httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c
httpd/mod_ftp/trunk/modules/ftp/mod_ftp.c
httpd/mod_ftp/trunk/modules/ftp/modules.mk.apxs
Modified: httpd/mod_ftp/trunk/CHANGES-FTP
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/CHANGES-FTP?rev=779851&r1=779850&r2=779851&view=diff
==============================================================================
--- httpd/mod_ftp/trunk/CHANGES-FTP (original)
+++ httpd/mod_ftp/trunk/CHANGES-FTP Fri May 29 05:54:52 2009
@@ -1,5 +1,9 @@
Changes in 0.9.3:
+ *) Added a low-numbered port (<1024) daemon process which serves such
+ low numbered FTPActiveRange origin port bindings.
+ [William Rowe]
+
*) FTPLimit* values no longer shared among all Vhosts.
[Jim Jagielski]
Modified: httpd/mod_ftp/trunk/STATUS-FTP
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/STATUS-FTP?rev=779851&r1=779850&r2=779851&view=diff
==============================================================================
--- httpd/mod_ftp/trunk/STATUS-FTP (original)
+++ httpd/mod_ftp/trunk/STATUS-FTP Fri May 29 05:54:52 2009
@@ -38,10 +38,6 @@
RELEASE SHOWSTOPPERS:
- * include/mod_ftp.h clearly needs refactoring of public and private
- interfaces to mod_ftp, and appropriate declarations for those that
- will remain public. Perhaps private declarations should be moved
- to modules/ftp/ftp_private.h and out of include/ altogether.
CURRENT RELEASE NOTES:
@@ -51,6 +47,9 @@
Note many IPv4-only NAT routers appear to ignore EPRT commands,
even as they would fix up NAT addresses from PORT commands.
+ * Extra attention should be paid to PORT and EPRT connections, especially
+ when assigned low numbered ports, e.g. FTPActiveRange 20
+
CURRENT VOTES:
@@ -60,12 +59,6 @@
* Implement AUTH GSSAPI/ADAT commands from RFC2228 Appendix I.
- * Create a parent worker, servicing root port configurations of
- active/passive sockets, as a unix domain socket-based allocator.
- It needs to be expecially strict about comparing the requested
- allocation to the server configurations, which are shared from
- the parent to this worker, and with the children.
-
* For in-tree builds, extending config_vars.mk with our local
[exp_]ftpdocsdir and installing that tree.
Modified: httpd/mod_ftp/trunk/modules/ftp/config.m4
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/modules/ftp/config.m4?rev=779851&r1=779850&r2=779851&view=diff
==============================================================================
--- httpd/mod_ftp/trunk/modules/ftp/config.m4 (original)
+++ httpd/mod_ftp/trunk/modules/ftp/config.m4 Fri May 29 05:54:52 2009
@@ -31,7 +31,9 @@
ftp_protocol.lo dnl
ftp_request.lo dnl
ftp_util.lo dnl
+ftp_lowportd.lo dnl
"
+
dnl # hook module into the Autoconf mechanism (--enable-ftp option)
APACHE_MODULE(ftp, [FTP Protocol support (mod_ftp)], $ftp_objs, , no, [
AC_CHECK_FUNCS(fchmod)
Modified: httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c?rev=779851&r1=779850&r2=779851&view=diff
==============================================================================
--- httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c (original)
+++ httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c Fri May 29 05:54:52 2009
@@ -1761,63 +1761,70 @@
local_port, 0, fc->data_pool);
if (!sa || rv) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, rv, r,
- "Couldn't resolve explicit local socket address"
- " %s (apr or socket stack bug?) Retrying",
- c->local_ip);
+ "Couldn't resolve explicit local socket address %s "
+ "(apr or socket stack bug?) Retrying", c->local_ip);
rv = apr_sockaddr_info_get(&sa, NULL, APR_INET,
local_port, 0, fc->data_pool);
}
if (!sa || rv) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
- "Couldn't resolve emphemeral local socket address"
- " (apr or socket stack bug?) Giving up");
+ "Couldn't resolve emphemeral local socket address "
+ "(apr or socket stack bug?) Giving up");
apr_socket_close(s);
return FTP_REPLY_CANNOT_OPEN_DATACONN;
}
}
+#if APR_HAVE_SYS_UN_H
+ if ((local_port > 0) && (local_port < 1024)) {
+ /*
+ * Here's the case of low numbered port creation; we have spun off
+ * a worker to serve socket fd's through a unix domain socket via the
+ * ftp_request_lowport client.
+ */
+ rv = ftp_request_lowport(&s, r, sa, fc->data_pool);
+
+ if (rv != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+ "Request socket failed from FTP low port daemon");
+ return FTP_REPLY_CANNOT_OPEN_DATACONN;
+ }
+ }
+ else
+#endif
+ {
#if APR_MAJOR_VERSION < 1
- rv = apr_socket_create_ex(&s, family, SOCK_STREAM, APR_PROTO_TCP,
- fc->data_pool);
+ rv = apr_socket_create_ex(&s, family, SOCK_STREAM, APR_PROTO_TCP,
+ fc->data_pool);
#else
- rv = apr_socket_create(&s, family, SOCK_STREAM, APR_PROTO_TCP,
- fc->data_pool);
+ rv = apr_socket_create(&s, family, SOCK_STREAM, APR_PROTO_TCP,
+ fc->data_pool);
#endif
- if (rv != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, r->server,
- "Couldn't create socket");
- return FTP_REPLY_CANNOT_OPEN_DATACONN;
- }
+ if (rv != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+ "Couldn't create socket");
+ return FTP_REPLY_CANNOT_OPEN_DATACONN;
+ }
- apr_socket_opt_set(s, APR_SO_REUSEADDR, 1);
+ apr_socket_opt_set(s, APR_SO_REUSEADDR, 1);
-#if 0
- if ((fsc->active_min != -1) && (fsc->active_min < 1024)) {
- /*
- * Here's the case of low numbered port creation; the only way to
- * accomplish this is either grant the apache user/group the right to
- * bind to low numbered ports, or to have the parent running as root
- * spin off socket fd's through a domain socket to all interested ftp
- * worker processes.
- */
- }
- else
-#endif
rv = apr_socket_bind(s, sa);
- if (rv != APR_SUCCESS) {
+ if (rv != APR_SUCCESS) {
#ifdef EACCES
- if (sa->port < 1024 && rv == EACCES)
- ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
- "Couldn't bind to low numbered port (<1024)");
- else
+ if (sa->port < 1024 && rv == EACCES)
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+ "Couldn't bind to low numbered port (<1024). "
+ "See FTPActiveRange directive");
+ else
#endif
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, r->server,
- "Couldn't bind to socket");
- apr_socket_close(s);
- return FTP_REPLY_CANNOT_OPEN_DATACONN;
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+ "Couldn't bind to socket");
+ apr_socket_close(s);
+ return FTP_REPLY_CANNOT_OPEN_DATACONN;
+ }
}
*sa_rv = sa;
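Review bot: The comment in the new `local_port < 1024` branch says how the socket is obtained but not where the request is validated, and the error log in that branch omits the port that was asked for. This child is the less-privileged side of the exchange, so the check that `sa` falls inside the configured FTPActiveRange has to live in the daemon; ftp_lowportd.c is not part of this mail, so that should be confirmed there, as the STATUS-FTP item removed by this commit asked. I would record the contract in the comment, e.g. `/* the daemon re-checks sa against the configured FTPActiveRange; this caller is not trusted to */`, and make refusals traceable with `"Request socket failed from FTP low port daemon (port %d)", (int)local_port`. The enclosing function starts and ends outside the hunk.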
Modified: httpd/mod_ftp/trunk/modules/ftp/mod_ftp.c
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/modules/ftp/mod_ftp.c?rev=779851&r1=779850&r2=779851&view=diff
==============================================================================
--- httpd/mod_ftp/trunk/modules/ftp/mod_ftp.c (original)
+++ httpd/mod_ftp/trunk/modules/ftp/mod_ftp.c Fri May 29 05:54:52 2009
@@ -69,7 +69,11 @@
log_pfn_register(p, "Y", ftp_log_auth_user_id, 0);
}
+#if APR_HAVE_SYS_UN_H
+ return lowportd_pre_config(p, plog, ptemp);
+#else
return OK;
+#endif
}
@@ -78,6 +82,7 @@
{
server_rec *base = s;
ftp_server_config *basefsc = ftp_get_module_config(s->module_config);
+ int lowportd = 0;
ap_add_version_component(p, FTP_SERVER_STRING);
@@ -102,6 +107,8 @@
if (fsc->active_min == FTP_UNSPEC)
fsc->active_min = fsc->active_max = -1;
+ else if (fsc->active_min < 1024)
+ lowportd = 1;
if (fsc->pasv_min == FTP_UNSPEC)
fsc->pasv_min = fsc->pasv_max = 0;
@@ -129,7 +136,14 @@
apr_pool_cleanup_register(p, base, ftp_mutexdb_cleanup,
apr_pool_cleanup_null);
- return OK;
+
+#if APR_HAVE_SYS_UN_H
+ if (lowportd)
+ /* Initialized only if a server has at least one active_min < 1024 */
+ return lowportd_post_config(p, plog, ptemp, base);
+ else
+#endif
+ return OK;
}
static void ftp_child_init(apr_pool_t *p, server_rec *s)
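Review bot: The new tail of this hook hangs an unbraced `if`/`else` across `#endif`, with a comment between `if (lowportd)` and its `return`, so the final `return OK;` is an else-arm on one build and a plain statement on the other. Bracing the conditional and keeping the fallback unconditional reads the same either way: `if (lowportd) { return lowportd_post_config(p, plog, ptemp, base); }` inside the `#if`, then `return OK;` after `#endif`. Without APR_HAVE_SYS_UN_H, `lowportd` is assigned in the earlier hunk but never read, and a range below 1024 is accepted with no startup message; a warning logged at that point would tell the operator that no helper is serving those ports. The function begins outside the hunk.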
@@ -836,6 +850,9 @@
* Setup command table
*/
static const command_rec ftp_cmds[] = {
+ AP_INIT_TAKE1("FTPLowPortSock", lowportd_set_socket, NULL, RSRC_CONF,
+ "name of the socket to use for creating low-numbered-port "
+ "connections from ftp (global only)"),
AP_INIT_FLAG("FTP", ftp_enable, NULL, RSRC_CONF,
"Run an FTP server on this host"),
AP_INIT_TAKE1("FTPTimeoutLogin", ftp_set_int_slot,
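Review bot: The help string for the new `FTPLowPortSock` directive does not say what protects the socket, although any process able to connect to it can presumably ask the low-port daemon for a bound socket. `lowportd_set_socket` and the socket creation live in ftp_lowportd.c, which this mail does not include, so the mode and ownership it is created with cannot be checked from here. I would state the expectation in the directive text or the module documentation, for example by appending `"; keep it in a directory other local users cannot access"`. The command table continues outside the hunk.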
Modified: httpd/mod_ftp/trunk/modules/ftp/modules.mk.apxs
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/modules/ftp/modules.mk.apxs?rev=779851&r1=779850&r2=779851&view=diff
==============================================================================
--- httpd/mod_ftp/trunk/modules/ftp/modules.mk.apxs (original)
+++ httpd/mod_ftp/trunk/modules/ftp/modules.mk.apxs Fri May 29 05:54:52 2009
@@ -1,5 +1,5 @@
-mod_ftp.la: mod_ftp.slo ftp_commands.slo ftp_connection.slo ftp_data_connection.slo ftp_data_filters.slo ftp_filters.slo ftp_inet_pton.slo ftp_limitlogin.slo ftp_log.slo ftp_message.slo ftp_protocol.slo ftp_request.slo ftp_util.slo
- $(SH_LINK) -rpath $(libexecdir) -module -avoid-version mod_ftp.lo ftp_commands.lo ftp_connection.lo ftp_data_connection.lo ftp_data_filters.lo ftp_filters.lo ftp_inet_pton.lo ftp_limitlogin.lo ftp_log.lo ftp_message.lo ftp_protocol.lo ftp_request.lo ftp_util.lo
+mod_ftp.la: mod_ftp.slo ftp_commands.slo ftp_connection.slo ftp_data_connection.slo ftp_data_filters.slo ftp_filters.slo ftp_inet_pton.slo ftp_limitlogin.slo ftp_log.slo ftp_message.slo ftp_protocol.slo ftp_request.slo ftp_util.slo ftp_lowportd.slo
+ $(SH_LINK) -rpath $(libexecdir) -module -avoid-version mod_ftp.lo ftp_commands.lo ftp_connection.lo ftp_data_connection.lo ftp_data_filters.lo ftp_filters.lo ftp_inet_pton.lo ftp_limitlogin.lo ftp_log.lo ftp_message.lo ftp_protocol.lo ftp_request.lo ftp_util.lo ftp_lowportd.lo
mod_ftp_cmd_pwd.la: mod_ftp.la mod_ftp_cmd_pwd.slo
$(SH_LINK) -rpath $(libexecdir) -module -avoid-version mod_ftp_cmd_pwd.lo
DISTCLEAN_TARGETS = modules.mk