Commons VFS / VFS-412

[FTPS] Support to send execPROT("P")

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.1
    • Labels:

      Description

      The layer over FTPSClient does not permit sending a client.execPROT("P"), and in explicit FTPS (with vsFTPd 2.0.7) this causes an error:

      SSL version: TLSv1/SSLv3, SSL cipher: DES-CBC3-SHA, not reused, no cert
      522 Data connections must be encrypted.

      The patch offers, via FtpsFileSystemConfigBuilder, the option to set execPROT, as is done with setPassiveMode.

      1. patch_exexprot.txt
        12 kB
        Jose Juan Montiel
      2. patch_412.txt
        12 kB
        Jose Juan Montiel

        Activity

        Joerg Schaible added a comment -

        Applied, but I've changed the level values from String to an enum. I did not provide an additional setting for the buffer size, because it is normally set to 0 anyway representing data streaming.

        $ svn ci -m "Add support for FTPS command to set the DataChannelProtectionLevel (VFS-412)."
        Sending core/src/main/java/org/apache/commons/vfs2/Resources.properties
        Sending core/src/main/java/org/apache/commons/vfs2/provider/ftp/FtpClientFactory.java
        Sending core/src/main/java/org/apache/commons/vfs2/provider/ftps/FtpsClientFactory.java
        Adding core/src/main/java/org/apache/commons/vfs2/provider/ftps/FtpsDataChannelProtectionLevel.java
        Sending core/src/main/java/org/apache/commons/vfs2/provider/ftps/FtpsFileSystemConfigBuilder.java
        Sending core/src/test/java/org/apache/commons/vfs2/provider/ftps/test/AbstractFtpsProviderTestCase.java
        Sending core/src/test/java/org/apache/commons/vfs2/provider/ftps/test/FtpsProviderExplicitTestCase.java
        Sending core/src/test/java/org/apache/commons/vfs2/provider/ftps/test/FtpsProviderImplicitTestCase_Disabled.java
        Sending pom.xml
        Sending src/changes/changes.xml
        Transmitting file data ..........
        Committed revision 1448606.
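
How the committed option is used from client code, as an added example that is not part of the issue or the patch: it sets explicit FTPS with data channel protection level P through FtpsFileSystemConfigBuilder. The class name and the URI passed in args[0] are hypothetical, and the method names are the Commons VFS 2.1 public API as known to the editor, not quoted from this page.

```java
import org.apache.commons.vfs2.FileObject;
import org.apache.commons.vfs2.FileSystemOptions;
import org.apache.commons.vfs2.VFS;
import org.apache.commons.vfs2.provider.ftps.FtpsDataChannelProtectionLevel;
import org.apache.commons.vfs2.provider.ftps.FtpsFileSystemConfigBuilder;
import org.apache.commons.vfs2.provider.ftps.FtpsMode;

/** Added example (hypothetical class name): explicit FTPS with PROT P via Commons VFS 2.1. */
public class FtpsProtPExample {

    /** Builds options that request an encrypted data channel. */
    static FileSystemOptions protectedOptions() {
        FileSystemOptions opts = new FileSystemOptions();
        FtpsFileSystemConfigBuilder cfg = FtpsFileSystemConfigBuilder.getInstance();
        cfg.setFtpsMode(opts, FtpsMode.EXPLICIT);   // AUTH TLS on the normal FTP port
        cfg.setPassiveMode(opts, true);
        // Leaving this out keeps the data channel at the protocol default (clear);
        // a server configured with force_local_data_ssl=YES then answers
        // "522 Data connections must be encrypted."
        cfg.setDataChannelProtectionLevel(opts, FtpsDataChannelProtectionLevel.P);
        return opts;
    }

    public static void main(String[] args) throws Exception {
        // args[0] is a placeholder URI, e.g. ftps://user:password@ftps.example.test/
        FileObject dir = VFS.getManager().resolveFile(args[0], protectedOptions());
        try {
            for (FileObject child : dir.getChildren()) {
                System.out.println(child.getName().getBaseName());
            }
        } finally {
            dir.close();
        }
    }
}
```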

        Gary Gregory added a comment -

        Hello All and JJ:

        In order to speed this up, could you please:

        • resubmit the patch against the current trunk?
        • make sure the build works with "mvn clean site"
        • make sure the new code gets as close to 100% test coverage

        Thank you!
        Gary

        Jose Juan Montiel added a comment -

        Hi, I needed the PROT setting because of a test against VSFTPS with "explicit" mode enabled, because that command was required.

        Here is the snippet of the config file for the VSFTPS server.

        #
        # SSL configuration
        #
        # Enable TLS/SSL support
        ssl_enable=YES
        # Force the use of TLS/SSL for all operations
        force_local_data_ssl=YES
        force_local_logins_ssl=YES
        # Prefer TLSv1 over SSLv2 and SSLv3
        ssl_tlsv1=YES
        ssl_sslv2=NO
        ssl_sslv3=NO
        # Only for version 2.3.2
        require_ssl_reuse=false

        According to another server, FileZilla (http://trac.filezilla-project.org/ticket/2581), maybe the explicit/implicit mode matters... but on the other hand, I opened this "jira" to add functionality (pass PROT to the client)... you talk about passing another command, PBSZ (like this example http://www.kochnielsen.dk/kurt/blog/?p=162)...

        I only need PROT, but if Gary is going to commit to VFS 2.1-SNAPSHOT I don't mind adding support for PBSZ in the same way...

        Andreas Wallberg added a comment -

        According to RFC 2228 (http://www.ietf.org/rfc/rfc2228.txt), which introduced the PROT command, "The PBSZ command must be preceded by a successful security data exchange." I think this means that "PBSZ 0" must be issued before "PROT P".
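
The command ordering discussed in this thread (AUTH, then PBSZ 0, then PROT P, before any data command), as an added example that is not part of the issue or of Commons VFS: a small Java check over a control-channel transcript that flags data commands sent while the data channel is still clear. The class and method names are hypothetical, and the transcripts are constructed; only the 522 reply text comes from the issue description.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

/** Added example (hypothetical class name): audits an FTPS control-channel transcript. */
public class FtpsProtAudit {
    private static final Set<String> DATA_CMDS =
        Set.of("LIST", "NLST", "MLSD", "RETR", "STOR", "APPE");

    /** Returns one finding per ordering error or unprotected data command. */
    static List<String> audit(List<String> lines) {
        List<String> findings = new ArrayList<>();
        boolean tls = false, pbsz = false, prot = false; // set only on positive server replies
        String pending = "";                             // last client command seen
        for (String line : lines) {
            if (line.startsWith("C: ")) {
                pending = line.substring(3).trim().toUpperCase();
                String verb = pending.split(" ")[0];
                if (verb.equals("PROT") && !pbsz) {
                    findings.add("PROT sent before a successful PBSZ");
                }
                if (DATA_CMDS.contains(verb) && !prot) {
                    findings.add(verb + " issued with a cleartext data channel");
                }
            } else if (line.startsWith("S: ") && line.length() >= 6) {
                String code = line.substring(3, 6);
                if (pending.startsWith("AUTH ") && code.equals("234")) tls = true;
                if (pending.startsWith("PBSZ ") && code.equals("200")) pbsz = tls;
                if (pending.equals("PROT P") && code.equals("200")) prot = pbsz;
                if (pending.equals("PROT C") && code.equals("200")) prot = false;
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed transcripts (login commands omitted for brevity).
        List<String> withoutProt = List.of(
            "C: AUTH TLS", "S: 234 Proceed with negotiation.",
            "C: PASV", "S: 227 Entering Passive Mode (192,0,2,10,195,80).",
            "C: LIST", "S: 522 Data connections must be encrypted.");
        List<String> withProt = List.of(
            "C: AUTH TLS", "S: 234 Proceed with negotiation.",
            "C: PBSZ 0", "S: 200 PBSZ set to 0.",
            "C: PROT P", "S: 200 PROT now Private.",
            "C: PASV", "S: 227 Entering Passive Mode (192,0,2,10,195,80).",
            "C: LIST", "S: 150 Here comes the directory listing.");
        System.out.println("without PROT P: " + audit(withoutProt));
        System.out.println("with PROT P:    " + audit(withProt));
    }
}
```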

        Gary Gregory added a comment -

        I'll get back to this next week probably...

        Jose Juan Montiel added a comment -

        Hi, can I help you with this?

        I'll review the test; I only tried to make it "similar" to "FTP"...

        Gary Gregory added a comment -

        I have looked at this patch but I am running into some problems testing it. The test you submitted does not run with the build; it appears it fits in the framework that assumes you manually manage an external server. I am working on a test that manages an embedded server just like for the FTP test. But... the test fails because it hangs when trying to read from more than one stream at a time. This is not an issue with plain FTP though, both FTP and FTPS use Commons Net at the wire level. Stay tuned to JIRA and the ML for more...

        Jose Juan Montiel added a comment -

        I think I checked "Grant license to ASF..." but I do it again.

        Gary Gregory added a comment -

        This patch cannot be considered because it was not granted license to the ASF. Granting is done in the patch submission dialog.

        Jose Juan Montiel added a comment -

        In RunTest I made a mistake and put props.setProperty("test.ftp.uri".... it should be "test.ftps.uri"...


          People

          • Assignee:
            Joerg Schaible
            Reporter:
            Jose Juan Montiel
          • Votes:
            0
            Watchers:
            4


              Time Tracking

              Original Estimate: 1h
              Remaining Estimate: 1h
              Time Spent: Not Specified
