
Comments (4)

drakkan commented on August 22, 2024

Hi,

I think you are right, ftpserverlib seems to always open active connections unencrypted.

I will try to fix this issue but as I am quite busy right now it may take a while. Thank you for using SFTPGo!

from ftpserverlib.

drakkan commented on August 22, 2024

Hi,

I did a quick test, the following patch seems to fix the issue for me:

diff --git a/transfer_active.go b/transfer_active.go
index 3255b53..a0f0d58 100644
--- a/transfer_active.go
+++ b/transfer_active.go
@@ -2,6 +2,7 @@
 package ftpserver
 
 import (
+       "crypto/tls"
        "errors"
        "fmt"
        "net"
@@ -21,9 +22,20 @@ func (c *clientHandler) handlePORT() error {
 
        c.writeMessage(StatusOK, "PORT command successful")
 
+       var tlsConfig *tls.Config
+
+       if c.transferTLS {
+               tlsConfig, err = c.server.driver.GetTLSConfig()
+               if err != nil {
+                       c.writeMessage(StatusSyntaxErrorNotRecognised, fmt.Sprintf("Problem parsing PORT: %v", err))
+                       return nil
+               }
+       }
+
        c.transfer = &activeTransferHandler{
-               raddr:    raddr,
-               settings: c.server.settings,
+               raddr:     raddr,
+               settings:  c.server.settings,
+               tlsConfig: tlsConfig,
        }
 
        return nil
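
Review bot: In handlePORT the new GetTLSConfig error path runs after c.writeMessage(StatusOK, "PORT command successful") has already been sent, so on failure the client receives a 200 and then a second, error reply for the same command. Resolve the TLS config before writing the success reply. The text "Problem parsing PORT" with StatusSyntaxErrorNotRecognised also misdescribes a TLS configuration failure; a message that names the TLS config would make the cause diagnosable.
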
@@ -31,9 +43,10 @@ func (c *clientHandler) handlePORT() error {
 
 // Active connection
 type activeTransferHandler struct {
-       raddr    *net.TCPAddr // Remote address of the client
-       conn     net.Conn     // Connection used to connect to him
-       settings *Settings    // Settings
+       raddr     *net.TCPAddr // Remote address of the client
+       conn      net.Conn     // Connection used to connect to him
+       settings  *Settings    // Settings
+       tlsConfig *tls.Config
 }
 
 func (a *activeTransferHandler) Open() (net.Conn, error) {
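
Review bot: The new tlsConfig field in activeTransferHandler is the only one without a trailing comment. Add one stating that nil means a cleartext data connection, since Open() branches on exactly that.
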
@@ -53,6 +66,10 @@ func (a *activeTransferHandler) Open() (net.Conn, error) {
                return nil, fmt.Errorf("could not establish active connection: %w", err)
        }
 
+       if a.tlsConfig != nil {
+               conn = tls.Server(conn, a.tlsConfig)
+       }
+
        // keep connection as it will be closed by Close()
        a.conn = conn
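
Review bot: In Open(), tls.Server(conn, a.tlsConfig) only wraps the socket; the handshake runs on the first read or write, so a TLS failure is not returned from Open() next to the "could not establish active connection" error and the connection is stored either way. Consider completing the handshake here under a deadline and closing conn when it fails. A test covering PROT P followed by PORT would keep this from regressing.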

Maybe I can find some time to do more tests next weekend; in the meantime, it would help if you can apply and test the patch locally.

To compile SFTPGo against a local ftpserverlib version, modify the go.mod for SFTPGo in a way similar to this:

replace (
+       github.com/fclairamb/ftpserverlib => /home/nicola/goprojects/ftpserverlib

replacing /home/nicola/goprojects/ftpserverlib with the path to your patched ftpserverlib, thank you!

from ftpserverlib.

rel33 commented on August 22, 2024

Hi,

Patch applied, SFTPGo compiled without any problem.

I confirm that active data transfer worked.

Thank you for the very quick fix. For me, the case can be closed.

Status: Connecting to 172.31.SER.VER:21...
Status: Connection established, waiting for welcome message...
Response: 220 SFTPGo 1.0.0-dev ready
Command: AUTH TLS
Response: 234 AUTH command ok. Expecting TLS Negotiation.
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Command: USER test
Response: 331 OK
Command: PASS ********
Response: 230 Password ok, continue
Command: CLNT FileZilla
Response: 200 Good to know
Command: OPTS UTF8 ON
Response: 200 I'm in UTF8 only anyway
Command: PBSZ 0
Response: 200 Whatever
Command: PROT P
Response: 200 OK
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type set to binary
Command: PORT 172,31,CLI,ENT,15,158
Response: 200 PORT command successful
Command: MLSD
Response: 150 Using transfer connection
Listing: Type=dir;Size=0;Modify=20191220195214; xxxxxxxxxxxxx
[...]
Listing: Type=dir;Size=0;Modify=20180813144326; xxxxxxxxxxxxx
Response: 226 Closing transfer connection
Status: Directory listing of "/" successful

Best regards,
Piotr

from ftpserverlib.

fclairamb commented on August 22, 2024

Thank you @rel33 & @drakkan. This is indeed a huge bug!!!

from ftpserverlib.
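
The behaviour discussed in this thread, as an added Go example that is not code from the thread or from ftpserverlib: in an active-mode transfer after PROT P the server is the TCP dialer but must still act as the TLS server, and a client that expects TLS rejects a plaintext data connection. The function name, host name, certificate and listing line are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// activeTransfer plays both ends of one PORT transfer after PROT P (all values constructed).
func activeTransfer(serverUsesTLS bool) (string, error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // throwaway self-signed certificate
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"ftp.example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	ln, err := net.Listen("tcp", "127.0.0.1:0") // client: the address it announces in PORT
	if err != nil {
		return "", err
	}
	defer ln.Close()
	out, err := net.Dial("tcp", ln.Addr().String()) // server: connects out to the client
	if err != nil {
		return "", err
	}
	if serverUsesTLS { // TCP dialer, yet still the TLS server on this connection
		out = tls.Server(out, &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: priv}}})
	}
	go func() {
		defer out.Close()
		out.Write([]byte("Type=dir;Size=0; example\r\n"))
	}()
	raw, err := ln.Accept()
	if err != nil {
		return "", err
	}
	defer raw.Close()
	// The client asked for PROT P, so it runs a TLS client handshake and trusts only our certificate.
	data, err := io.ReadAll(tls.Client(raw, &tls.Config{RootCAs: pool, ServerName: "ftp.example.test"}))
	return string(data), err
}

func main() { fmt.Println(activeTransfer(true)) }
```

Calling activeTransfer(false) reproduces the condition reported here: the server sends the listing in cleartext and the client's handshake returns an error instead of data.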
