Re: FTP Data Channels Through Reverse Proxy

[David Latorre]

Hi Kenneth,

Of course there are FTP-capable (reverse) proxies out there.  Maybe there
are no free ones; that´s different...

Regarding when to close the data channel, that should be easy: if the FTP
server closes the data channel, the proxy server should close it as
well...  Is there a reason why you can´t do that? It´s been a while since I
developed our small proxy but I´m quite sure it was enough for us.

You mention you´ve been debugging the issue for 6 weeks but only recently
(the last day?) realised that the data channel was not closed by the proxy.
I think you need some way to get a better insight on what the proxy is
doing.  My recommendation is a tcpdump network trace from the Proxy server
itself so you can capture the traffic between the FTP server and the proxy,
as well as the traffic between the proxy and the client.


If I have understood your problem correctly, you think the "unknown
internal server error" only happens when there´s a proxy between client and
server (although that should be transparent for the server).  It´s of
course a potential explanation, but in all honesty, I haven´t even seen any
evidence that the FTPServer is the one closing the control channel. If the
network traces say that it´s definitely the FTPServer deciding to close the
connection and the SFTP server logs don´t show anything, I believe you´ll
have to debug  the FTPServer to see what´s going on.

I´m sorry we cannot be more helpful. It was with a previous version of
FTPServer, but we have used a proxy to forward FTPS traffic to Mina
Ftpserver so I´m hoping you´ll finally get to the bottom of this.

Best regards,
David


El jue., 22 ago. 2019 a las 21:15, Kenneth Taylor (<
kenneth.tay...@dataexpress.com>) escribió:

> David,
>
> When you say "a proxy that understands FTP", there is no such proxy.
> Remember we are doing reverse proxy, not proxy.  And the proxy we are using
> is one we wrote.  And we do have to tell it when to close the data
> channel.  There is nothing to magically do that.  We have now changed our
> server Ftplet.afterCommand() to look for the 226 reply and to call the
> proxy to close the data chnnel. So that part is fixed.
>
> But the client still fails on MLSD response. It does not understand what
> is coming from the proxy I guess, but its identical to what's coming from
> the server.  So the only thing that could be causing the problem is that
> Apache is closing the command channel, which we see it doing, and it should
> not be doing that.  We set all the timeouts to large values so that’s not
> it.
>
> I think we've stumbled upon a bug.  We've been debugging this for 6 weeks
> so we didn't come to this conclusion lightly.  Could there be a hard coded
> timeout that we just happen to be tripping because the proxy imparts a
> small delay?   I did see in the debugger a write timeout that users don't
> have access to and it was set to 60.  Our entire test session only lasts
> about 3 seconds.
>
> Our proxy is very simple. Its just a client side socket and a server side
> socket with stream copiers for the 4 streams.  Nothing magical.  It should
> be completely transparent.  The stream copiers are doing line-based IO to
> match FTP with auto-flush on.  We know the socket close logic is at the
> heart of the problem.  Apache is closing the command socket and I'll bet
> there is some internal hidden error causing that.
>
> Thanks.
> Ken
>
> -Original Message-
> From: David Latorre 
> Sent: Thursday, August 22, 2019 12:51 PM
> To: ftpserver-users@mina.apache.org
> Subject: Re: FTP Data Channels Through Reverse Proxy
>
> From your first line I understand that the problem is with the proxy
> that's not closing the data channel, isn't it?
>
> I guess that for a proxy that understands FTP ,you shouldn't do anything
> to ensure the proxy closes the channel when the transfer is done.
>
> It's not clear from your message but I would think that if the connection
> gets closed it will be due to some inactivity timeout being reached. Other
> than the idle time, I cannot understand why the control channel would be
> closed, I can guarantee it's never happened to us.
>
> Overriding PASV to provide a different IP address works fine and is
> correctly supported. I don't know why you want to capture anything after
> MLSD completes. If the data channel is closed the FTP proxy will close it's
> own data channel to the client. If it doesn't, you need to see how to fix
> the proxy. Why would you try to workaround it for just the MLSD command?
> don't you ever need to download files?
> I wouldn't try to find a workaround in any case to be honest.
>
>
> Best regards,
> David
>
> On Thu, 22 Aug 2019, 17:33 Kenneth Taylor,  >
> wrote:
>
> > It looks like the problem is in the closing o

Re: FTP Data Channels Through Reverse Proxy

[David Latorre]

>From your first line I understand that the problem is with the proxy that's
not closing the data channel, isn't it?

I guess that for a proxy that understands FTP ,you shouldn't do anything to
ensure the proxy closes the channel when the transfer is done.

It's not clear from your message but I would think that if the connection
gets closed it will be due to some inactivity timeout being reached. Other
than the idle time, I cannot understand why the control channel would be
closed, I can guarantee it's never happened to us.

Overriding PASV to provide a different IP address works fine and is
correctly supported. I don't know why you want to capture anything after
MLSD completes. If the data channel is closed the FTP proxy will close it's
own data channel to the client. If it doesn't, you need to see how to fix
the proxy. Why would you try to workaround it for just the MLSD command?
don't you ever need to download files?
I wouldn't try to find a workaround in any case to be honest.


Best regards,
David

On Thu, 22 Aug 2019, 17:33 Kenneth Taylor, 
wrote:

> It looks like the problem is in the closing of the data channel. Its
> happening on the server but not on the proxy so the client hangs waiting
> for that to happen, unless the command channel closes.  Apache, for some
> reason, closes the command channel after the "226 Closing data connection"
> is sent.  Why?  I found this by preventing the command channel from closing
> on the proxy, and that caused the client to hang after receiving the MLSD
> response.  So the previous behavior was misleading because Apache closing
> the command channel was being seen by the client which was giving up the
> session entirely but complaining about the MLSD failing.
>
> So is this a bug in Apache or just a missing piece?  How would I catch the
> 226 response so I could tell the proxy to close the DC?
>
> We can't use afterCommand() for PASV because that would cause Apache to
> open its own DC.  So it seems like we have to do an afterCommand() for
> MLSD, but then we'd have to know this was for a DC and close that DC
> instead of the Command Channel. Ugh!
>
> Thanks.
> Ken
>
> -Original Message-
> From: Kenneth Taylor 
> Sent: Thursday, August 22, 2019 9:01 AM
> To: ftpserver-users@mina.apache.org
> Subject: RE: FTP Data Channels Through Reverse Proxy
>
> Thanks for the response David.  I have used 3 different clients
> (FileZilla, WinSCP and custom) and they all respond the same.  I can see
> the MLSD response on the Proxy and that its sending it to the client.
> That's why we are stumped.  We cannot see any difference between Proxy and
> No Proxy.  But Apache is closing the Data Channel & Session after sending
> the MLSD response, and it should not.  Connecting direct, the Data Channel
> does not get closed, but I suppose that could be because Apache is
> detecting some kind of error that it is not reporting.  I've turned the
> logs all the way up and don't see anything that would help.
>
> A network trace might be a good idea.  We will try a wireshark scan.
>
> One thing that just occurred to me is that Apache may be opening more than
> one Data Channel and sending the MLSD response down the wrong pipe.  Not
> sure why it would do that since our PASV handler is a direct copy of the
> Apache one (PASV), except with the change of IP and Port in the reponse.
> Our Ftplet returns the ResultType of SKIP in the beforeCommand() for PASV
> which should stop Apache from opening its own data channel, right?
>
> Has Apache ever tested this?  I would think putting an FTP Server behind a
> reverse proxy would be VERY common.  Our customers demand it.
>
> I will have to look at the FTP RFCs again but I don't remember if any
> messages are supposed to go through the data channel from the client to the
> server.  Could it be that Apache is expecting something on that stream,
> even if its just an ACK or disconnect?
>
> Thanks.
> Ken
>
> -Original Message-
> From: David Latorre 
> Sent: Wednesday, August 21, 2019 6:09 PM
> To: ftpserver-users@mina.apache.org
> Subject: Re: FTP Data Channels Through Reverse Proxy
>
> Ah sorry,
>  I was rechecking something and made a mistake regarding the IP address in
> the PASV response. In any case, unless you have proof (logs from the server
> or network traces of the server <-> proxy bit) that the server returns
> invalid data in the proxy case, I think you should focus on verifying why
> the client is failing and, if it is caused by an invalid response, why the
> proxy is generating it.
>
>
>
>
> On Thu, 22 Aug 2019, 00:03 David Latorre,  wrote:
>
> > Hi Kenneth,
> >
> > Shouldn't you receive the proxy address as a response to PASV when
> > g

Re: FTP Data Channels Through Reverse Proxy

[David Latorre]

Ah sorry,
 I was rechecking something and made a mistake regarding the IP address in
the PASV response. In any case, unless you have proof (logs from the server
or network traces of the server <-> proxy bit) that the server returns
invalid data in the proxy case, I think you should focus on verifying why
the client is failing and, if it is caused by an invalid response, why the
proxy is generating it.




On Thu, 22 Aug 2019, 00:03 David Latorre,  wrote:

> Hi Kenneth,
>
> Shouldn't you receive the proxy address as a response to PASV when going
> through the proxy? Otherwise it would bypass the proxy, but I'm assuming
> you should not  connect directly from the client to the server and that's
> why you need a proxy. I'm a bit puzzled since you state that the proxy
> receives the response to MLSD but the IP that the client sees for PASV is
> the same in both cases.
>
> Your client log for the proxy case does not show any listing as a response
> for MLSD, so it's difficult to know what's going on. If you cannot get any
> logs for that, get some network traces with tcpdump and check what's going
> on. Enabling more detailed logging in the client might also help (you can
> configure that in the Filezilla settings).  Server logs might also prove
> useful.
>
> In any case  I don't see how this would be caused by Ftpserver with the
> information you've given.
>
>
>
> On Wed, 21 Aug 2019, 21:56 Kenneth Taylor, 
> wrote:
>
>> We are trying to get Apache FTP Server to work behind a reverse proxy.
>> The only thing not working is the data channels. We use an Ftplet to
>> intercept and handle the PASV command and substitute our proxy’s IP and
>> port in the PASV response. That all seems to work fine.  We are testing it
>> with FileZilla client and our server works perfectly when connecting
>> directly to the server but fails when going through the proxy.
>>
>>
>>
>> We can see the data connections being established on both the server and
>> the proxy. Our proxy logs every forwarded message and we can see that all
>> client and server messages are being forwarded both ways.
>>
>>
>>
>> The problem is that after the PASV command happens the next comand is
>> MLSD and we can see the server sending the correct response and the proxy
>> is forwarding the listing. But the client interprets the response
>> incorrectly and closes the session.  After looking at this for many many
>> hours we’re stumped.
>>
>>
>>
>> Our Proxy is a very simple IO streams forwarder, with a control
>> connection to tell the Proxy when to open data channels that forward back
>> to the data channel opened by Apache on the Server.
>>
>>
>>
>> This is the client log when connecting direct:
>>
>>
>>
>> 14:10:44 Command: PASV
>>
>> 14:10:44 Response: 227 Entering Passive Mode (192,168,0,173,40,122)
>>
>> 14:10:44 Trace:   Binding data connection source IP to control
>> connection source IP 192.168.0.92
>>
>> 14:10:44 Command: MLSD
>>
>> 14:10:44 Response: 150 File status okay; about to open data connection.
>>
>> 14:10:44 Response: 226 Closing data connection.
>>
>> 14:10:44 Listing:  Size=0;Modify=20190814174646.670;Type=dir; Monthly
>>
>> 14:10:44 Listing:  Size=0;Modify=20190814180307.721;Type=dir; Weekly
>>
>> 14:10:44 Listing:  Size=0;Modify=20190814174833.915;Type=dir; Daily
>>
>> 14:10:44 Listing:  Size=0;Modify=20190814175140.777;Type=dir; Archive
>>
>> 14:10:44 Status:  Directory listing of "/" successful
>>
>>
>>
>> This is the client log when connecting through the proxy:
>>
>>
>>
>> 14:37:16 Command: PASV
>>
>> 14:37:16 Response: 227 Entering Passive Mode (192,168,0,91,202,228)
>>
>> 14:37:16 Trace:   Binding data connection source IP to control
>> connection source IP 192.168.0.173
>>
>> 14:37:16 Command: MLSD
>>
>> 14:37:16 Response: 150 File status okay; about to open data connection.
>>
>> 14:37:16 Response: 226 Closing data connection.
>>
>> 14:37:16 Error:   Disconnected from server: ECONNABORTED - Connection
>> aborted
>>
>> 14:37:16 Error:   Failed to retrieve directory listing
>>
>>
>>
>> One weird thing we see is that the “226 Closing data connection” shows up
>> on the proxy after the MLSD listing is returned. When connecting direct it
>> is before the listing in the client log, but in all cases these messages
>> are coming from the same server so that may be a logging anomaly.
>>
>>

Re: FTP Data Channels Through Reverse Proxy

[David Latorre]

Hi Kenneth,

Shouldn't you receive the proxy address as a response to PASV when going
through the proxy? Otherwise it would bypass the proxy, but I'm assuming
you should not  connect directly from the client to the server and that's
why you need a proxy. I'm a bit puzzled since you state that the proxy
receives the response to MLSD but the IP that the client sees for PASV is
the same in both cases.

Your client log for the proxy case does not show any listing as a response
for MLSD, so it's difficult to know what's going on. If you cannot get any
logs for that, get some network traces with tcpdump and check what's going
on. Enabling more detailed logging in the client might also help (you can
configure that in the Filezilla settings).  Server logs might also prove
useful.

In any case  I don't see how this would be caused by Ftpserver with the
information you've given.



On Wed, 21 Aug 2019, 21:56 Kenneth Taylor, 
wrote:

> We are trying to get Apache FTP Server to work behind a reverse proxy. The
> only thing not working is the data channels. We use an Ftplet to intercept
> and handle the PASV command and substitute our proxy’s IP and port in the
> PASV response. That all seems to work fine.  We are testing it with
> FileZilla client and our server works perfectly when connecting directly to
> the server but fails when going through the proxy.
>
>
>
> We can see the data connections being established on both the server and
> the proxy. Our proxy logs every forwarded message and we can see that all
> client and server messages are being forwarded both ways.
>
>
>
> The problem is that after the PASV command happens the next comand is MLSD
> and we can see the server sending the correct response and the proxy is
> forwarding the listing. But the client interprets the response incorrectly
> and closes the session.  After looking at this for many many hours we’re
> stumped.
>
>
>
> Our Proxy is a very simple IO streams forwarder, with a control connection
> to tell the Proxy when to open data channels that forward back to the data
> channel opened by Apache on the Server.
>
>
>
> This is the client log when connecting direct:
>
>
>
> 14:10:44 Command: PASV
>
> 14:10:44 Response: 227 Entering Passive Mode (192,168,0,173,40,122)
>
> 14:10:44 Trace:   Binding data connection source IP to control
> connection source IP 192.168.0.92
>
> 14:10:44 Command: MLSD
>
> 14:10:44 Response: 150 File status okay; about to open data connection.
>
> 14:10:44 Response: 226 Closing data connection.
>
> 14:10:44 Listing:  Size=0;Modify=20190814174646.670;Type=dir; Monthly
>
> 14:10:44 Listing:  Size=0;Modify=20190814180307.721;Type=dir; Weekly
>
> 14:10:44 Listing:  Size=0;Modify=20190814174833.915;Type=dir; Daily
>
> 14:10:44 Listing:  Size=0;Modify=20190814175140.777;Type=dir; Archive
>
> 14:10:44 Status:  Directory listing of "/" successful
>
>
>
> This is the client log when connecting through the proxy:
>
>
>
> 14:37:16 Command: PASV
>
> 14:37:16 Response: 227 Entering Passive Mode (192,168,0,91,202,228)
>
> 14:37:16 Trace:   Binding data connection source IP to control
> connection source IP 192.168.0.173
>
> 14:37:16 Command: MLSD
>
> 14:37:16 Response: 150 File status okay; about to open data connection.
>
> 14:37:16 Response: 226 Closing data connection.
>
> 14:37:16 Error:   Disconnected from server: ECONNABORTED - Connection
> aborted
>
> 14:37:16 Error:   Failed to retrieve directory listing
>
>
>
> One weird thing we see is that the “226 Closing data connection” shows up
> on the proxy after the MLSD listing is returned. When connecting direct it
> is before the listing in the client log, but in all cases these messages
> are coming from the same server so that may be a logging anomaly.
>
>
>
> Thanks for any help.
>
> Ken
>
>
>
> Disclaimer: This email from DMBGroup LLC, DMB Consulting Services LLC, or
> the personnel associated with either entity (collectively "*DMB*") and
> attachments, contain *CONFIDENTIAL, PRIVILEGED AND PROPRIETARY *information
> for exclusive use of the addressee individual(s) or entity. Unauthorized
> viewing, copying, disclosure, distribution or use of this e-mail or
> attachments may be subject to legal restriction or sanction. If received in
> error, notify sender immediately by return e-mail and delete original
> message and attachments. Nothing contained in this e-mail or attachments
> shall satisfy the requirements for a writing unless specifically stated.
> Nothing contained herein shall constitute a contract or electronic
> signature under the Electronic Signatures in Global and National Commerce
> Act, any version of the Uniform Electronic Transactions Act or any other
> statute governing electronic transactions. Opinions and statements
> expressed in this e-mail and any attachments are those of the individual
> sender and not necessarily of DMB. DMB does not guarantee this e-mail
> transmission is secured, error or virus-free. Neither DMB nor 

Re: how to disable plain ftp when server is configured with explicit ftp

[David Latorre]

from the top of my head, I think there's an isSecure() method you can use
in a FTPLet...

El mié., 6 feb. 2019 a las 11:30, Chandrashekhar H S
() escribió:

> Hi,
>
> Is it possible to disable plain-ftp connections when the apache ftp server
> is configured to work with explicit-ssl?
>
> Thanks,
> Chandrashekar
>

Re: Embedded FTP Server / adding files

[David Latorre]

There is an implementation of filesystemview over commons vfs that could be
a good solution for you. I think there used to be a link in the project's
website.

El 27 oct. 2017 10:02, "John Hartnup"  escribió:

> The simplest approach is probably the standard FileSystemViews configured
> to use a temporary directory.
>
> Your tests can populate and check the contents of that directory directly.
>
> Slightly more sophisticated - you could create an in-memory filesystem.
> Have a look at this as an example:
> https://github.com/stefanbirkner/fake-sftp-server-rule/blob/master/src/
> main/java/com/github/stefanbirkner/fakesftpserver/
> rule/FakeSftpServerRule.java
>
> The example uses Apache SSHServer, but a very similar approach ought to
> work in Mina SFTPd.
>
> If you do decide to implement your own virtual FileSystemView, you'll find
> there's a lot of methods to implement, but they're all pretty easy to do.
> Maybe give yourself a couple of hours research spike to create a
> FileSystemView that presents one directory containing one file with a fixed
> content; after which you'll know exactly what's going on.
>
>
>
> On Tue, Oct 17, 2017 at 4:00 PM Oliver Zemann 
> wrote:
>
> > Hi,
> >
> > i would like to integrate Apache Mina FTP Server into my project for
> > integration tests. I need to add some files to it, which should be
> > downloaded and then processed. The files i want to use in the
> > integration tests are located in the resources. Is it correct that i
> > have to implement FileSystemView and set that on the
> > ServerFactory.setFileSystem ?
> >
> > I used another library which was able to do something like that:
> > ftpServer.addFile(inputStreamFromResourcesFile,
> > "/path/where/to/put/the/file")
> >
> > Something like a virtual file system. Does apache mina ftp have
> > something like that? Unfortunately, the documentation is very limited
> > when it comes to embedding the ftp server and file handling and it feels
> > a bit overkill to implement FileSystemView.
> >
> > Thanks!
> >
> > Oli
> >
> >
>

Re: Trying to use ftpserver 1.0.6 standalone on Windows, unable to configure users

[David Latorre]

Hello alain,

I have never used the utility myself, but I guess you should double check
that the jar files you are including in the 'cp' argument do exist.
El 09/09/2015 05:27, "Lanteigne, Alan"  escribió:

> Hello,
>
> I've been trying to set up ftpd 1.0.6 on a windows machine and use the
> users.properties and ftpd-typical.xml configuration as a starting point.  I
> am able to launch ftpd.exe and use the XML file as the configuration file,
> but cannot authenticate and cannot add users.  The documentation is pretty
> sparse and the page attempting to detail how to add a user from the command
> line provides commands that do not work.  The command provided is:
>
> https://mina.apache.org/ftpserver-project/managing_users.html
>
> java -cp
> ftpserver-core-1.0.0-M4.jar;ftplet-api-1.0.0-M4.jar;mina-core-2.0.0-M3.jar;
> [slf4j-api-1.5.2.jar;slf4j-simple-1.5.2.jar
> [ org.apache.ftpserver.main.AddUser path/to/your/config.xml
>
> I have attempted to run this command (but changed the version number to
> 1.0.6 as directed) but it fails.  slf4j-simple-1.5.2.jar does not exist.
> I've tried with and without the apparent type of  in the middle of the
> command as well. What is the proper way to add/configure/delete users via
> command line?  Is there a more complete documentation set available?  I am
> not a Java dev, just looking for a CLI controllable SFTP server to
> configure and use.
>
> Thanks!
>
> Alan
>
>

Re: Problem with FTPServer / MINA on Tomcat

[David Latorre]

Try removing the Mina-core dependency.  It doesn't specify the version
number and it is probably being included as a transitive dependency of Mina
ftpserver anyway.
In case mina-core didn't get included,  specify the correct version (2.0.4
I think) for the library
El 08/07/2015 12:33, David Weisgerber david.weisger...@ms-gmbh.de
escribió:

 Hi there,
 for some days I am struggling to get the FTPServer running on my Tomcat
 instance. I have my implementatio for the FTPServer, as I need it, running
 in a jUnit-test environment but as soon as I deploy it to tomcat I get the
 following Error (not Exception(!)) as soon as a client connects to the
 FTPServer:
 Exception in thread pool-1-thread-1
 java.lang.IncompatibleClassChangeError
 at
 org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:277)
 at
 org.apache.mina.core.filterchain.DefaultIoFilterChain.addLast(DefaultIoFilterChain.java:174)
 at
 org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder.buildFilterChain(DefaultIoFilterChainBuilder.java:452)
 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor.addNow(AbstractPollingIoProcessor.java:530)
 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor.handleNewSessions(AbstractPollingIoProcessor.java:503)
 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractPollingIoProcessor.java:68)
 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1133)
 at
 org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
 at
 java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
 at
 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
 at java.lang.Thread.run(Thread.java:745)

 I am totally unsure which component is in conflict and causes this error.
 I think that SLF4J and Mina-core should be in the correct version. Can this
 error come because of some weird problem with AOP components coming with
 Spring?
 This is how I add the dependencies to Spring:
 dependency
 groupIdorg.apache.ftpserver/groupId
 artifactIdftpserver-core/artifactId
 version1.0.6/version
 exclusions
 exclusion

 groupIdorg.springframework/groupId

 artifactIdspring-context/artifactId
 /exclusion
 /exclusions
 /dependency
 dependency
 groupIdorg.apache.mina/groupId
 artifactIdmina-core/artifactId
 /dependency


 Thanks for help,

 Mit freundlichen Grüßen,
 David Weisgerber

 ---
 David Weisgerber
 Software Entwickler
 MS GmbH
 Leibnizstraße 7
 85521 Ottobrunn

Re: accessing ftp server from remote client

[David Latorre]

I believe your client might be using active mode instead of passive mode.
Is that possible?  In that case,  you also need to allow connections from
your ftp server to the Ftp client.
 El 11/06/2015 05:43, Derya Altuntas deryaaltun...@gmail.com escribió:

  I am using apache ftp server 1.05 as server, commons-net jar as accessing
 server from a remote client.

 I  have defined inbound/outbound rules for port 2121, 21 on my server site
 which FTP server is installed.

 Then I run my program but it throws above exception in ftp  side.

 [ WARN] 2015-06-03 17:21:00,901 [siguard] [141.29.18.175]
 FtpDataConnection.getDataSocket()
 java.net.ConnectException: Connection refused: connect
 at java.net.PlainSocketImpl.socketConnect(Native Method)
 at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
 at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
 at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
 at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
 at java.net.Socket.connect(Socket.java:529)
 at java.net.Socket.connect(Socket.java:478)
 at
 org.apache.ftpserver.impl.IODataConnectionFactory.createDataSocket(IODataConnectionFactory.java:314)
 at
 org.apache.ftpserver.impl.IODataConnectionFactory.openConnection(IODataConnectionFactory.java:259)
 at org.apache.ftpserver.command.impl.LIST.execute(LIST.java:114)
 at
 org.apache.ftpserver.impl.DefaultFtpHandler.messageReceived(DefaultFtpHandler.java:210)
 at
 org.apache.ftpserver.listener.nio.FtpHandlerAdapter.messageReceived(FtpHandlerAdapter.java:61)
 at
 org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
 at
 org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
 at
 org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
 at
 org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
 at
 org.apache.ftpserver.listener.nio.FtpLoggingFilter.messageReceived(FtpLoggingFilter.java:85)
 at
 org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
 at
 org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
 at
 org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
 at
 org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:71)
 at
 org.apache.mina.filter.logging.MdcInjectionFilter.filter(MdcInjectionFilter.java:136)
 at
 org.apache.mina.filter.util.CommonEventFilter.messageReceived(CommonEventFilter.java:70)
 at
 org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
 at
 org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
 at
 org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
 at
 org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
 at
 org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
 at
 org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
 at
 org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
 at
 org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
 at
 org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:71)
 at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
 at
 org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.runTask(OrderedThreadPoolExecutor.java:780)
 at
 org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.runTasks(OrderedThreadPoolExecutor.java:772)
 at
 org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.run(OrderedThreadPoolExecutor.java:714)
 at java.lang.Thread.run(Thread.java:662)
 [ INFO] 2015-06-03 17:21:00,901 [siguard] [141.29.18.175] SENT: 150 File
 status okay; about to open data connection.

 [ INFO] 2015-06-03 17:21:00,901 [siguard] [141.29.18.175] SENT: 425 Can't
 open data connection.


 Then I changed ftpd-typical. xml. I have added passive ports definition
 there. Then I also defined inbound/outbound rules for these  ports on
 firewall. Then I can list files. But I can not upload/download files. I
 think Server is also using other ports except ones defined in xml.

 I am sending logs

Re: Connection refused error when internal IP address is set on listener

[David Latorre]

Oh I thought your problem was with the data connection.

If the only difference is the internal IP,  it might be the that internal
ip you set is incorrect( or, at least,  it is not the ip to which you are
trying to  connect with Filezilla).
Besides enabling logging in the server side you can use standard OS
commands to check if your server is listening (netstat -an,  telnet from
local host etc.)
El 09/06/2015 16:03, Martin Wunderlich m...@censhare.de escribió:

 This is the log output I get when I set the log level to Debug:
 (the contents are identical in the console and the log file)

 16:01:50 Status:Disconnected from server
 16:01:50 Trace: CControlSocket::DoClose(64)
 16:01:50 Trace: CControlSocket::DoClose(64)
 16:01:50 Trace: CControlSocket::DoClose(64)
 16:01:50 Trace: CFileZillaEnginePrivate::ResetOperation(0)
 16:01:50 Status:Resolving address of example.com
 16:01:50 Status:Connecting to 123.123.123.123:4243...
 16:01:50 Status:Connection attempt failed with ECONNREFUSED -
 Connection refused by server.
 16:01:50 Trace: CRealControlSocket::OnClose(61)
 16:01:50 Trace: CControlSocket::DoClose(64)
 16:01:50 Trace: CFtpControlSocket::ResetOperation(66)
 16:01:50 Trace: CControlSocket::ResetOperation(66)
 16:01:50 Error: Could not connect to server
 16:01:50 Trace: CFileZillaEnginePrivate::ResetOperation(66)

 Cheers,

 Martin


  Am 09.06.2015 um 15:47 schrieb David Latorre dvl...@gmail.com:
 
  Probably the full Filezilla log file will be enough
  El 09/06/2015 15:46, Martin Wunderlich m...@censhare.de escribió:
 
  Hi David,
 
  There isn’t much in the log files, I am afraid. This is what I get with
  Filezilla on the client side:
 
  15:44:30 Status:Resolving address of exmample.com
  15:44:30 Status:Connecting to 123.123.123.123:4243...
  15:44:30 Status:Connection attempt failed with ECONNREFUSED -
  Connection refused by server.
  15:44:30 Error: Could not connect to server
 
  There is nothing logged on the server side. Sorry, not much help, I
 know.
 
  Cheers,
 
  Martin
 
 
 
 
  Am 09.06.2015 um 15:36 schrieb David Latorre dvl...@gmail.com:
 
  Martin,
 
  Can you include the log file (with the messages which have been
 received
  and sent)  of the Ftp server?  Also,  the log file of the ftp client
  would
  be helpful
  El 09/06/2015 15:25, Martin Wunderlich m...@censhare.de escribió:
 
  No, in the client I set the external IP address, because the server is
  accessed from outside the firewall. This external IP address is also
  configured on the server-side, of course.
 
  Cheers,
 
  Martin
 
 
  Am 09.06.2015 um 15:18 schrieb Alessio Santacroce 
  alessio.santacr...@gmail.com:
 
  Stupid question...
  when you set the ip to the ftp server, do you use the same ip on the
  ftp
  client as well?
 
  On Tuesday, June 9, 2015, Martin Wunderlich m...@censhare.de
 wrote:
 
  Hi all,
 
  We observed some strange behavior that I can’t quite explain: Our
 FTP
  server is running in passive mode and offering a listener for FTP
 over
  TLS.
  When the internal IP address is set in the configuration, I am not
  able
  to
  connect with the FTP client (tested with both Filezilla and
  Cyberbuck).
  The
  error „Connection refused“ is raised when trying to connect.
 However,
  when
  the internal IP address is set to „0.0.0.0“, the connection is
 fine. I
  have
  stepped through the code and the listener seems to be instantiated
  alright.
  So, what could be the problem?
 
  Cheers,
 
  Martin
 
 
 
 
  censhare featured as Cool Vendor for Content Management by Gartner
 
 
 
 
  censhare featured as Cool Vendor for Content Management by Gartner
 
 
 
 
  censhare featured as Cool Vendor for Content Management by Gartner
 



 censhare featured as Cool Vendor for Content Management by Gartner

Re: Connection refused error when internal IP address is set on listener

[David Latorre]

Probably the full Filezilla log file will be enough
El 09/06/2015 15:46, Martin Wunderlich m...@censhare.de escribió:

 Hi David,

 There isn’t much in the log files, I am afraid. This is what I get with
 Filezilla on the client side:

 15:44:30 Status:Resolving address of exmample.com
 15:44:30 Status:Connecting to 123.123.123.123:4243...
 15:44:30 Status:Connection attempt failed with ECONNREFUSED -
 Connection refused by server.
 15:44:30 Error: Could not connect to server

 There is nothing logged on the server side. Sorry, not much help, I know.

 Cheers,

 Martin




  Am 09.06.2015 um 15:36 schrieb David Latorre dvl...@gmail.com:
 
  Martin,
 
  Can you include the log file (with the messages which have been received
  and sent)  of the Ftp server?  Also,  the log file of the ftp client
 would
  be helpful
  El 09/06/2015 15:25, Martin Wunderlich m...@censhare.de escribió:
 
  No, in the client I set the external IP address, because the server is
  accessed from outside the firewall. This external IP address is also
  configured on the server-side, of course.
 
  Cheers,
 
  Martin
 
 
  Am 09.06.2015 um 15:18 schrieb Alessio Santacroce 
  alessio.santacr...@gmail.com:
 
  Stupid question...
  when you set the ip to the ftp server, do you use the same ip on the
 ftp
  client as well?
 
  On Tuesday, June 9, 2015, Martin Wunderlich m...@censhare.de wrote:
 
  Hi all,
 
  We observed some strange behavior that I can’t quite explain: Our FTP
  server is running in passive mode and offering a listener for FTP over
  TLS.
  When the internal IP address is set in the configuration, I am not
 able
  to
  connect with the FTP client (tested with both Filezilla and
 Cyberbuck).
  The
  error „Connection refused“ is raised when trying to connect. However,
  when
  the internal IP address is set to „0.0.0.0“, the connection is fine. I
  have
  stepped through the code and the listener seems to be instantiated
  alright.
  So, what could be the problem?
 
  Cheers,
 
  Martin
 
 
 
 
  censhare featured as Cool Vendor for Content Management by Gartner
 
 
 
 
  censhare featured as Cool Vendor for Content Management by Gartner
 



 censhare featured as Cool Vendor for Content Management by Gartner

Re: Connection refused error when internal IP address is set on listener

[David Latorre]

Martin,

Can you include the log file (with the messages which have been received
and sent)  of the Ftp server?  Also,  the log file of the ftp client would
be helpful
El 09/06/2015 15:25, Martin Wunderlich m...@censhare.de escribió:

 No, in the client I set the external IP address, because the server is
 accessed from outside the firewall. This external IP address is also
 configured on the server-side, of course.

 Cheers,

 Martin


  Am 09.06.2015 um 15:18 schrieb Alessio Santacroce 
 alessio.santacr...@gmail.com:
 
  Stupid question...
  when you set the ip to the ftp server, do you use the same ip on the ftp
  client as well?
 
  On Tuesday, June 9, 2015, Martin Wunderlich m...@censhare.de wrote:
 
  Hi all,
 
  We observed some strange behavior that I can’t quite explain: Our FTP
  server is running in passive mode and offering a listener for FTP over
 TLS.
  When the internal IP address is set in the configuration, I am not able
 to
  connect with the FTP client (tested with both Filezilla and Cyberbuck).
 The
  error „Connection refused“ is raised when trying to connect. However,
 when
  the internal IP address is set to „0.0.0.0“, the connection is fine. I
 have
  stepped through the code and the listener seems to be instantiated
 alright.
  So, what could be the problem?
 
  Cheers,
 
  Martin
 
 
 
 
  censhare featured as Cool Vendor for Content Management by Gartner
 



 censhare featured as Cool Vendor for Content Management by Gartner

Re: disable sslv3

[David Latorre]

As Erick says,  you need to invoke  SSLFilter.setEnabledProtocols()  .   If
you are willing to provide a patch in order to expose the EnabledProtocols
 method in the Listener configuration, we will be happy to integrate it
into the  FTPServer  code .


Kindest regards,



2015-01-21 12:13 GMT+01:00 Erick Lichtas elich...@linoma.com:

 Hello,

 I'm not sure how much work has been done with this on the project with
 this lately, but what needs to be added is an option that allows the
 'enabled ssl protocols' to be set on the mina SSLFilter in a few spots.
 Basically, every place in the code that calls
 sslFilter.setEnabledCipherSuites(..) should also/instead call
 sslFilter.setEnabledProtocols(..).  If such is done, you can granularly
 control which SSL/TLS protocols are enabled on the server. And this works
 well for the Oracle and IBM jvms.

 Regards,
 Erick

 -Original Message-
 From: juergen sorg [mailto:j.s...@fz-juelich.de]
 Sent: Wednesday, January 21, 2015 12:58 AM
 To: ftpserver-users@mina.apache.org
 Subject: disable sslv3

 hi,

 is it possible to disable some SSL and TLS versions in apache mina ftp
 server?
 i read the documentation, but there is only the option to choose between
 SSL or TLS. and if i specifiy TLS in the configuration (spring confign
 file) then the same protocols are enabled as i use SSL (i could connect
 by using openssl client with SSLv3, TLSv1 TLSv1.1 TLSv1.2

 thanks in advance

 gruss juergen

Re: How to suppress logging of SSLHandshakeException

[David Latorre]

Uh,  when I said 'servlet' I meant  ftplet.

​

Re: How to suppress logging of SSLHandshakeException

[David Latorre]

Hello Martin,

 If I understand you correctly,  there are cases in which the session is
closed due to a  javax.net.ssl.SSLHandshakeException , but you do not want
to show any of this in the logfile?  Thus, you do not want the
2014.12.04-15:51:20.429
INFO   : pool-3-thread-5: FtpLoggingFilter: CLOSED  line either. Is that
correct?


If you only want to ignore the stacktrace, you might change the
 FtpLoggingFilter and recompile Mina FTP Server or maybe you can  modify
the FilterChain in a servlet when you get the  AUTH TLS request and
 substitute FtpLoggingFilter for your own implementation. I do not know if
there is a way to solve this using NDC or MDC...


Kindest regards,

 David Latorre








2014-12-15 9:15 GMT+01:00 Martin Wunderlich m...@censhare.de:

 Hi all,

 we recently noticed that the Apache MINA FTPServer will log an
 javax.net.ssl.SSLHandshakeException when the server does not have a valid
 certificate. The complete stracktrace from the log files is listed below.
 Since it is logged on the MINA-side, it doesn’t even reach my section of
 the Java code.

 Is there a way to suppress the logging of this particular Exception while
 retaining the loggings of other WARNINGs?

 Cheers,

 Martin



 2014.12.04-15:51:20.318 INFO   : NioProcessor-9: FtpLoggingFilter: CREATED
 2014.12.04-15:51:20.320 INFO   : pool-3-thread-5: FtpLoggingFilter: OPENED
 2014.12.04-15:51:20.321 INFO   : pool-3-thread-6: FtpLoggingFilter: SENT:
 220 Service ready for new user.

 2014.12.04-15:51:20.333 INFO   : pool-3-thread-5: FtpLoggingFilter:
 RECEIVED: AUTH TLS
 2014.12.04-15:51:20.425 WARNING: pool-3-thread-6: FtpLoggingFilter:
 EXCEPTION :
 javax.net.ssl.SSLHandshakeException: SSL handshake failed.
 at
 org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:507)
 at
 org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542)
 at
 org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48)
 at
 org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:943)
 at
 org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:109)
 at
 org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542)
 at
 org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:535)
 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:714)
 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668)
 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657)
 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:67)
 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1121)
 at
 org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
 at
 java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
 at
 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
 at java.lang.Thread.run(Thread.java:745)
 Caused by: javax.net.ssl.SSLHandshakeException: Invalid Padding length: 140
 at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
 at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1683)
 at
 sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:959)
 at
 sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
 at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
 at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
 at
 org.apache.mina.filter.ssl.SslHandler.unwrap(SslHandler.java:748)
 at
 org.apache.mina.filter.ssl.SslHandler.unwrapHandshake(SslHandler.java:683)
 at
 org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:569)
 at
 org.apache.mina.filter.ssl.SslHandler.messageReceived(SslHandler.java:355)
 at
 org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:488)
 ... 15 more
 Caused by: javax.crypto.BadPaddingException: Invalid Padding length: 140
 at sun.security.ssl.CipherBox.removePadding(CipherBox.java:684)
 at sun.security.ssl.CipherBox.decrypt(CipherBox.java:423)
 at sun.security.ssl.InputRecord.decrypt(InputRecord.java:154)
 at
 sun.security.ssl.EngineInputRecord.decrypt(EngineInputRecord.java:192)
 at
 sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:953)
 ... 23 more
 2014.12.04-15:51:20.427 SEVERE : pool-3-thread-6: DefaultFtpHandler:
 Exception caught, closing session
 javax.net.ssl.SSLHandshakeException: SSL handshake

Re: Error while connection to FTP server running implicit SSL

[David Latorre]

Martin,

 Could you attach Filezilla and  Mina FTPServer log files as well as
FTPServer configuration xml and  Filezilla's config (either screenshot or
 XML file without the passwords)?


2014-06-30 10:57 GMT+02:00 Martin Wunderlich m...@censhare.de:

 Hi all,

 I am expanding our MINA-based FTP server by adding a setting for implicit
 vs. explicit SSL. I have made all the necessary changes, but for some
 reason I can’t connect to the server anymore when implicit SSL is set to
 true. In explicit SSL mode it works fine.
 When trying to connect, I get the error message:
 Connection established, waiting for welcome message...

 And then the FileZilla client just hangs until it has timed out…

 Any ideas anyone?
 Thanks a lot.

 Cheers,

 Martin

Re: Doubt on partial files

[David Latorre]

Hello Edson,

Even though you might achieve that by using a FTPlet, I think a better
solution is that the Ftp client itself renames the file after a successful
upload.
El 22/03/2014 19:06, Edson Richter edsonrich...@hotmail.com escribió:

 Hi!

 I'm new on FTP Server project, and after reading documentation I could not
 find if there is a option to deal with partial uploads.
 What I would like to do is that received files keep extension .tmp or
 .partial until finished.
 For example:

 client send file meuarquivodedados.dat
 ftp server start received file with name meuarquivodedados.dat.tmp or
 meuarquivodedados.dat.partial
 client finish sending file normally
 ftp server renames file from meuarquivodedados.dat.tmp to
 meuarquivodedados.dat

 Is there a option for that?

 Other option I'm evaluating is to use a database server as repository, and
 then set a flag as complete when finished.

 Any guidance on that? Please, consider me a complete novice in this topic
 (some FTP, SFTP and Linux knowledge, but little - to none - Apache FTP
 Server knowledge so far), ok?

 Thanks,
 --

 *Edson Carlos Ericksson Richter*
 /Sistemas para Bibliotecas, Escolinhas Infantis
 Projetos sob medida para sua empresa/
 Celular:(51) 9318-9766
 (51) 8585-0796
 /A mente que se abre a uma nova ideia jamais voltará ao seu tamanho
 original/
 - Albert Einstein

Re: user authntication

[David Latorre]

If you mean SSL client-cert-authentication, there are some emails regarding
this topic in the mailing list:

http://mail-archives.apache.org/mod_mbox/mina-ftpserver-users/201104.mbox/%3CBANLkTikGiHjLLZufBn=cgqydjjkzrlw...@mail.gmail.com%3E


2013/8/21 pri...@meyersascha.de

 Hello,

 i have a quick question regarding the user authentication at the ftp
 server. Currently, each user can login with an ftp client, the appropriate
 user name and password for the ftp server and transfer data or files. Is it
 possible to authenticate these users switch to a key exchange or something
 like that? I have a user who apparently can not login with the username and
 password and therefore he wants to authenticate with a key exchange. Is
 such a thing possible?

 Greetings
 Sascha Meyer

Re: No users can connect, no error.

[David Latorre]

I would make sure that the ftplet is the actual reason(ie, add the ftplet
again and check). You have two options:
1) fix your ftplet if that's enough for you
2) (recommended) use the logging output for your status window.  For this,
you can parse the log files or use an adequate logging appender / channel
El 22/05/2013 17:11, Travis Bowen tbo...@us.ibm.com escribió:

 Removing the ftplet worked.  I was using it because I would like to
 capture the output of the server to display in a status window and could
 not figure out another way.  Is there a better way to do that?

 Thanks,

 *TRAVIS BOWEN *
 Staff Software Engineer
 IBM Systems  Technology Group, Client Enablement  Systems Assurance
 --
 *Phone: *520-799-4612 | *Mobile: *520-975-1526 *
 E-mail:* *tbo...@us.ibm.com** * tbo...@us.ibm.com
 [image: IBM]

 9000 S Rita Rd
 Tucson, AZ 85744-0002
 United States


 [image: Inactive hide details for David Latorre ---05/22/2013 07:55:10
 AM---If you cannot debug the code, remove your FTPLet , set the]David
 Latorre ---05/22/2013 07:55:10 AM---If you cannot debug the code, remove
 your FTPLet , set the debug level to DEBUG  and try  and connec

 From: David Latorre dvl...@gmail.com
 To: ftpserver-users@mina.apache.org,
 Date: 05/22/2013 07:55 AM
 Subject: Re: No users can connect, no error.
 --



 If you cannot debug the code, remove your FTPLet , set the debug level
 to DEBUG  and try  and connect from a remote client while monitoring
 the connection with wireshark.





 2013/5/22 John Hartnup john.hart...@gmail.com:
  It looks as if the socket is being closed, and not by the server.
  Therefore, either the client or a firewall. To be absolutely sure of
 this,
  use something like Wireshark to trace the TCP packets -- find out which
 end
  closes the socket, and whether it's a FIN or a RST.
 
  Or you could attach a debugger to the server's Java process and step
  through the login process.
 
  I don't think it is a firewall issue as I would expect the client to not
  even be able to connect to the server.  It seems to connect then
  the server closes the connection immediately.
 
  Some firewalls do stateful protocol analysis of FTP. That is, they look
  at the content and make decisions based on it, for example they allow
  sockets to open on ports that they've seen in PORT and PASV commands.
 Some
  of these firewalls can be configured to decline anonymous FTP, and that
  would be consistent with your original report: firewall allows socket
  connection; firewall sees USER command with parameter anonymous, and
  closes the socket as a result. However, if you get the same result with
  admin/admin, that's less likely to be the reason.
 
 
 
 
  On 21 May 2013 21:17, Travis Bowen tbo...@us.ibm.com wrote:
 
  I am trying to connect from the same computer using the filezilla
 client.
   I have tried the default users.properties from the 1.0.6 distribution
 with
  both ClearTextPasswordEncryptor and SaltedPasswordEncryptor and both
  anonymous and admin/admin show the same results.
 
  I don't think it is a firewall issue as I would expect the client to not
  even be able to connect to the server.  It seems to connect then the
 server
  closes the connection immediately.
 
 
  Thanks,
 
  *TRAVIS BOWEN *
  Staff Software Engineer
  IBM Systems  Technology Group, Client Enablement  Systems Assurance
  [image: Inactive hide details for John Hartnup ---05/21/2013 01:02:22
  PM---This like the work of a firewall rejecting anonymous Ftp. Yo]John
  Hartnup ---05/21/2013 01:02:22 PM---This like the work of a firewall
  rejecting anonymous Ftp. You could verify this by trying to log in
 
  From: John Hartnup john.hart...@gmail.com
  To: ftpserver-users@mina.apache.org,
  Date: 05/21/2013 01:02 PM
  Subject: Re: No users can connect, no error.
  --
 
 
 
  This like the work of a firewall rejecting anonymous Ftp. You could
 verify
  this by trying to log in from a client on the same system as the
 server, or
  by changing the configuration to use a username other than anonymous.
  On 21 May 2013 20:28, Travis Bowen tbo...@us.ibm.com wrote:
 
   First I'd like to thank you for providing this software.
  
   However, the documentation is somewhat lacking.  I've spent several
 hours
   just trying to get the embedded version to accept user logins.
  
   Here is the code I am using (drawn from the quickstart docs and other
   sources):
  
   FtpServerFactory serverFactory = *new* FtpServerFactory();
   ListenerFactory listenerFactory = *new* ListenerFactory();
 
  
   // set the port of the listener
   listenerFactory.setPort(*props*.getFtpPortProperty());
 
   Listener listener = listenerFactory.createListener();
  
   // replace the default listener
   serverFactory.addListener(default, listener);
  
   MapString, Ftplet ftpletMap = *new* HashMapString,
 Ftplet

Re: Upload hangs using FTPS

[David Latorre]

Hola Rubén,

Are you sure your description of the problem is correct?

[ INFO] 2013-01-25 12:05:07,599 [xxx] [127.0.0.1] RECEIVED: STOR
xx
[ WARN] 2013-01-25 12:05:28,477 [xxx] [127.0.0.1] Exception during data
transfer, closing data connection socket

According to you,  this error occurs when you cancel the upload . But you
can see that the warn message is written 11 seconds after the  STOR command
is received.


There's a slight chance that the error is caused by a bug in the way
FileZilla  closes the SSL connection - I've noticed this before in some
other FTP clients like WinSCP. Java is very picky in this topic and a
malformed shutdown message will cause an  Exception.



2013/1/28 Rubén Páez ruben.p...@itac.com.co



 Hi!


 I have configured an standalone ftp server (Apache FTPServer) using this
 config file:




 START -- -- -- -- -- --
 --

 ?xml version=1.0 encoding=UTF-8?
 server xmlns=http://mina.apache.org/ftpserver/spring/v1;
 xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
 xsi:schemaLocation=
 http://mina.apache.org/ftpserver/spring/v1
 http://mina.apache.org/ftpserver/ftpserver-1.0.xsd
 
 id=myServer
 listeners
 nio-listener name=default port=2122
 ssl
 keystore file=./res/ftpserver.jks password=password /
 /ssl
 /nio-listener
 nio-listener name=sdefault port=21991 implicit-ssl=true
 ssl
 keystore file=./res/ftpserver.jks password=password /
 /ssl
 /nio-listener
 /listeners
 file-user-manager file=./res/conf/users.properties /
 /server
 END -- -- -- -- -- --
 --




 I use FileZilla Client to log in (either using FTPES or FTPS, I've tried
 both, I accept the certificate FileZilla displays to me) and try to upload
 a file. Everything seems ok, but the upload always stalls (around 300 kB).
 The log of FileZilla Client is:




 START -- -- -- -- -- --
 --

 Status: Resolving address of localhost
 Status: Connecting to 127.0.0.1:2122...
 Status: Connection established, waiting for welcome message...
 Response: 220 Service ready for new user.
 Command: AUTH TLS
 Response: 234 Command AUTH okay; starting TLS connection.
 Status: Initializing TLS...
 Status: Verifying certificate...
 Command: USER xxx
 Status: TLS/SSL connection established.
 Response: 331 User name okay, need password for xxx
 Command: PASS *
 Response: 230 User logged in, proceed.
 Command: OPTS UTF8 ON
 Response: 200 Command OPTS okay.
 Command: PBSZ 0
 Response: 200 Command PBSZ okay.
 Command: PROT P
 Response: 200 Command PROT okay.
 Command: OPTS MLST size;modify;type;
 Response: 200 Command OPTS okay.
 Status: Connected
 Status: Starting upload of xxx
 Command: CWD /
 Response: 250 Directory changed to /
 Command: PWD
 Response: 257 / is current directory.
 Command: TYPE I
 Response: 200 Command TYPE okay.
 Command: PASV
 Response: 227 Entering Passive Mode (127,0,0,1,199,113)
 Command: STOR xxx
 Response: 150 File status okay; about to open data connection.
 Error: Connection timed out
 Error: File transfer failed after transferring 278.6 KB in 21 seconds
 Response: 551 xx: Error on output file.
 Status: Disconnected from server
 Error: Connection closed by server
 END -- -- -- -- -- --
 --




 and the Apache FTP Sever log is:




 START -- -- -- -- -- --
 --

 [ INFO] 2013-01-25 12:04:31,940 [] [] Refreshing
 org.springframework.context.support.FileSystemXmlApplicationContext@ed0338:
 display name
 [org.springframework.context.support.FileSystemXmlApplicationContext@ed0338];
 startup date [Fri Jan 25 12:04:31 COT 2013]; root of context hierarchy
 [ INFO] 2013-01-25 12:04:32,030 [] [] Loading XML bean definitions from
 file [/apache-ftpserver-1.0.6/res/conf/ftpd-typical.xml]
 [ INFO] 2013-01-25 12:04:32,370 [] [] Bean factory for application context
 [org.springframework.context.support.FileSystemXmlApplicationContext@ed0338]:
 org.springframework.beans.factory.support.DefaultListableBeanFactory@19bb25a
 [ INFO] 2013-01-25 12:04:32,402 [] [] Pre-instantiating singletons in
 org.springframework.beans.factory.support.DefaultListableBeanFactory@19bb25a:
 defining beans
 [org.apache.ftpserver.listener.ListenerFactory#0,org.apache.ftpserver.listener.ListenerFactory#1,org.apache.ftpserver.usermanager.PropertiesUserManagerFactory#0,org.apache.ftpserver.FtpServerFactory#0,myServer];
 root of factory hierarchy
 [ INFO] 2013-01-25 12:04:32,744 [] [] FTP server started


 [ INFO] 2013-01-25 12:05:06,927 [] [127.0.0.1] CREATED
 [ INFO] 2013-01-25 12:05:06,929 [] [127.0.0.1] OPENED
 [ INFO] 2013-01-25 12:05:06,930 [] [127.0.0.1] SENT: 220 Service ready for
 new user.


 [ INFO] 2013-01-25 12:05:07,051 [] [127.0.0.1] RECEIVED: AUTH TLS
 [ INFO] 2013-01-25 

Re: FTP server dies every few hours

[David Latorre]

Hello Jerry,

 We have several instances of FTPServer in Linux and Win Server 2003 and
never suffered such a problem (they have been running for months now). Can
you provide us with the following information?

1) Apache FTPServer, Apache MINA and JRE/JDK versions.

2)  Are you using any custom code (e.g., Ftplets, commands, filesystem )  ?


I cannot recall any similiar issue so my initial thought was that your
problem is due to 2) - but I haven't been able to follow the mailing list
lately so I might be utterly wrong.




2012/12/7 Jerry M techst...@malcolms.com

 I've been using the FTPServer (on Win Server 2008) since around June of
 this year.  I don't need ftp around the clock.  So this problem hasn't been
 critical.  But it has become very annoying.  I have it configured to run as
 a Windows service.  I'll start the FTP service.  Do ftp tasks on and off
 for a few hours.  When I come back hours later or the next day and try to
 FTP, I get a server closed connection unexpectedly or something like that
 when I try to send or receive.  I then have to log on to the server and
 bounce the ftp service.  Everything is good to go again, for a few hours.
  Then it's dead again the next time I need it.

 Again, this is as consistent as clockwork.  I've never had it stay up 24
 hours.  I looked at the FTP logs and see nothing irregular logged.

 First question... does this sound familiar to anyone?  Second question...
 if no one has heard of this behavior until now, what kind of debug can I do
 to try to figure out what is happening? (I've got an extensive coding and
 debug background.  So I can go under the hood if necessary).

 I like the server.  I would just like for it to stay alive more than a few
 hours.

 BTW... not seeing anything like this on any of my other servers (apache,
 tomcat, james) that are running in the same box.

 Thanks.

 Jerry

Re: ipv6, subdomain and DNS

[David Latorre]

Why don't you just use a single User Manager which  returns a different
FileSystem 'Root folder' depending on the group  the  user belongs to?




2012/8/28 Niklas Gustavsson nik...@protocol7.com

 On Tue, Aug 28, 2012 at 7:43 PM, Mauro Asprea mauroasp...@gmail.com
 wrote:
  There is a maximum number of Listeners (eg: ports) that I can have
  available?

 No hard limit, except for the number of available ports (and
 memory/CPU resources).

 /niklas

Re: Setup UIDs at apache FTP

[David Latorre]

Hello,

 Unfortunately, this is not available out of the box. You can, however, use
your own custom FileSystem implementation or even a FTPlet for this.
 Unless you' re using Java 7, you'll probably have to run chmod in a system
call



2012/3/17 Алексей lexleogry...@mail.by

 Hello how i can setup different UIDS for different accounts in
 user.properties? Is it impossible?
 Im running ftp as daemon from root, and have various account in
 user.properties, each belongs to linux user, each have personal folder.
 every time after uploading files, i need to make chmod and chown for each
 folder, cuz by default file owner is set to root in ftp server.
 I also dont want run many ftp instances with various UIDs for each user
 with start-stop-daemon, cuz it makes non sense.
 --**--
 Живи ярко - http://afisha.open.by/

Re: Issue while running FTP daemon in Linux environment

[David Latorre]

Hello,

 I didn't take a look at your code, but  it seems that  your problem is
related to data connections.  Please, deactivate your firewall and try both
active or passive mode.





2012/2/28 gaurav chopra gaurav.chopr...@gmail.com

 Hi All,

 I have created a daemon for ftp purpose. The daemon is working fine in
 windows environment., but giving the following error in linux environment:

 Timeout detected.
 Could not retrieve directory listing
 File status okay; about to open data connection.
 Error listing directory '/'.

 I created a user 'test' and when trying to login getting this error with
 error code 421. (The user dir named 'test' is getting created in the linux
 environment and the dir is owned by root)

 Please find attached java code written to set config and start server.
 Appreciate your support!

 --
 Regards,
 Gaurav Chopra

Re: Accessing Files from other users home folder?

[David Latorre]

Hello,

 You can use symbolic links as gary bell suggested.

 Another option is that you  replace our default  FileSystem implementation
with the one provided by the VFS Utils Project, VFS FTPServer Bridge

 http://vfs-utils.sourceforge.net/ftpserver/index.html


If I'm not wrong, in one of its operation modes,  you are not restricted to
the user's home directory.



You can always develop your own 'Filesystem' implementation :-)




2011/12/15 Nilesh Apte nilesh.apt...@gmail.com

 Hi:

 Can a ftp user access a file from other ftp users' home directory (or sub
 directory)?

 For example,

 1. UserA has his home directory as /home/UserA
 2. UserB has his home directory as /home/UserB

 3. UserA has a file at following folder location,
 */home/UserA/documents/test.**txt*

 4. When UserB connect to apache ftp server, he will see / (which maps to
 /home/UserB) as his root directory.
 5. Can UserB issue *GET /home/UserA/documents/test.**txt* to retrieve
 the file?

 I tried running ftp server stand alone in 5 minutes link, and this seems
 to be not supported out of the box.
 I get 550 ... : No such file or directory error.

 What is the recommended/best way to share files between various ftp users?

 Thanks,
 Nilesh.

Re: FOUND THE REAL ISSUE - RE: Control connection closing on idle timeout even when data transfer is going on

[David Latorre]

Hello Sachin,


It seems this is a bug we should fix.  Can you open  a JIRA issue and
provide a test case with it?



2011/12/10 Sachin Shetty sshe...@egnyte.com

 I found the real issue here. I was misguided by Filezilla's dual connection
 behavior where it always spawns a new connection for a data transfer and
 leaved the original listing connection open. It's the listing connection
 that times out, but the transfer connection is active and my assumption of
 the root cause was wrong.



 My real problem is the issue reported in various other cases like:


 http://mail-archives.apache.org/mod_mbox/mina-dev/201102.mbox/%3C987378340.1
 0467.1297432017841.javamail.tom...@hel.zones.apache.org%3E


 http://old.nabble.com/-jira--Created:-%28FTPSERVER-295%29-Connection-reset-b
 y-peer,-help-td23269194.html



 I can reproduce this in filezilla, by setting a slow upload speed 1kbps,
 causing the upload to go on for more than an hour. Filezilla transfers the
 whole file and then fails with



 Error: Connection timed out

 Error: File transfer failed after transferring
 2,392,064 bytes in 2551 seconds





 FTP Logs:



 INFO 2011-12-10 15:48:54,134 pool-3-thread-54 D- U- S-
 org.apache.ftpserver.command.impl.STOR - File uploaded
 /Private/sshetty/9.doc

 INFO 2011-12-10 15:48:54,138 pool-3-thread-54 D- U- S-
 org.apache.ftpserver.listener.nio.FtpLoggingFilter - SENT: 150 File status
 okay; about to open data connection.^M



 INFO 2011-12-10 15:48:54,138 pool-3-thread-54 D- U- S-
 org.apache.ftpserver.listener.nio.FtpLoggingFilter - SENT: 226 Transfer
 complete.^M



 WARN 2011-12-10 15:48:54,138 pool-3-thread-54 D- U- S-
 org.apache.ftpserver.listener.nio.FtpLoggingFilter - EXCEPTION :

 java.io.IOException: Connection reset by peer

at sun.nio.ch.FileDispatcher.read0(Native Method)

at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:21)

at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:233)

at sun.nio.ch.IOUtil.read(IOUtil.java:206)

at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:236)

at

 org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:214
 )

at

 org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:42)

at

 org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPolling
 IoProcessor.java:673)

at

 org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPoll
 ingIoProcessor.java:646)

at

 org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPoll
 ingIoProcessor.java:635)

at

 org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractP
 ollingIoProcessor.java:67)

at

 org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(Abstra
 ctPollingIoProcessor.java:1079)

at

 org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:
 64)

at

 java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.ja
 va:886)

at

 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:9
 08)

at java.lang.Thread.run(Thread.java:619)

 ERROR 2011-12-10 15:48:54,139 pool-3-thread-54 D- U- S-
 org.apache.ftpserver.impl.DefaultFtpHandler - Exception caught, closing
 session

 java.io.IOException: Connection reset by peer

at sun.nio.ch.FileDispatcher.read0(Native Method)

at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:21)

at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:233)

at sun.nio.ch.IOUtil.read(IOUtil.java:206)

at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:236)

at

 org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:214
 )

at

 org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:42)

at

 org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPolling
 IoProcessor.java:673)

at

 org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPoll
 ingIoProcessor.java:646)

at

 org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPoll
 ingIoProcessor.java:635)

at

 org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractP
 ollingIoProcessor.java:67)

at

 org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(Abstra
 ctPollingIoProcessor.java:1079)

at

 org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:
 64)

at

 java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.ja
 va:886)

at

 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:9
 08)

at java.lang.Thread.run(Thread.java:619)

 INFO 2011-12-10 15:48:54,139 pool-3-thread-54 D- U- S-
 org.apache.ftpserver.listener.nio.FtpLoggingFilter - CLOSED











 From: Sachin Shetty [mailto:sshe...@egnyte.com]
 Sent: Monday, December 05, 2011 4:04 PM
 To: 'Sachin Shetty'; 

Re: FTPD service does not start

[David Latorre]

Hello Jamal,

Have you tried running it from the command line Instead of using  the
created service? Just to find out what components  are failing.


2011/11/8 Jamal Abreu jamallu...@hotmail.com



 Hi, I installed the service using
 service install ftpd ftpd-typical.xml
 the installation succeeded!
 However, when I can not start the service if I try,
 and I get the following log message
 [2011-11-09 00:13:33] [info] Running Service...
 [2011-11-09 00:13:33] [info] Starting service...
 [2011-11-09 00:13:33] [947  prunsrv.c] [error] Failed creating java
 [2011-11-09 00:13:33] [1202 prunsrv.c] [error] ServiceStart returned 1
 [2011-11-09 00:13:33] [info] Run service finished.
 [2011-11-09 00:13:33] [info] Procrun finished.

 FTP server version: 1.0.6
 My Environment: Windows 7 64 bit, JRE7

 Any idea?

 Thanks
 Jamal

Re: find out the transfer rate

[David Latorre]

If you are doing what Miroslav said, I'd rather believe that it is your
'manual calculation' which is wrong. This should be with files of some size,
otherwise the difference might be related to different starting points
(e.g., with some firewalls that open/close ports automatically -but slowly-,
 passive mode can have quite different results for small files).

Why don't you check your transfer rate against the one that lftp or
filezilla report?






2011/8/10 Miroslav Pokorny miroslav.poko...@gmail.com

 Dividing bits over seconds is quite simple, each xfer is not going to be
 exactly the same even if you send /get the same file from/to the same
 server. For whatever reason your xfer rates seem reasonable, so they are
 probably correct.

 On Wed, Aug 10, 2011 at 8:52 PM, bahar ertik bahar.er...@gmail.com
 wrote:

  I have tried that but this doesn't give the correct transfer rate.
 Because
  the result I get is far away from the result I get when I do it manuallt,
  stepwise!
  Manually done the transfer rate for the put is 17.09 MB/sec and get 87.83
  MB/sec.
  Recording the time at start and end gives the result  put 11.11 MB/sec
 and
  get 33 MB/sec.
 
  On Wed, Aug 10, 2011 at 10:45 AM, Miroslav Pokorny 
  miroslav.poko...@gmail.com wrote:
 
   Record the time at the start and end of the operation and divide tht
 with
   the file size.
  
   On Wed, Aug 10, 2011 at 5:50 PM, bahar ertik bahar.er...@gmail.com
   wrote:
  
Hi,
   
I am trying to transfer files from my server to a client using ftp in
   java
and this works without any problems.
My question is: Is there any way to find out the transfer rate, MB/s,
  of
the
transfer?
   
Best Regards
   
  
  
  
   --
   mP
  
 



 --
 mP

Re: Has anybody used any kind of load balancing

[David Latorre]

As Toli said, I don't think this is not really FTPServer-related so, in case
you don't get a response, I would try a more specific forum about
LBs.Anyway, in a scenario like the one Toli described, FTPServer should need
no configuration changes at all- you just have to make sure that your LB is
routing the data connections to the appropriate host ( if you sticked to
active mode, with the data connections being initiated  by the FTP server
itself, i think  you wouldn't need any special configuration in the LB, but
it should be easy to configure your LB to serve ftp connections correctly).




2011/8/10 Toli Kuznets tkuzn...@marinsoftware.com

 Sachin,

 I didn't personally setup the LB so unfortunately i can't give you a
 detailed answer. I believe that LBs support some stickiness per
 session, so once a connection is established from a given incoming IP
 it's always routed to the same target server.

 You are better off asking around in network-admin forums on how to set that
 up

 sorry i couldn't be of more help.

 On Wed, Aug 10, 2011 at 2:45 AM, Sachin Shetty sshe...@egnyte.com wrote:
  Hi Toli,
 
  There should be some more config changes due to the dual port nature of
 the
  protocol right? How do you handle all the data connections on your lb and
  make sure they are sent to the same ftp server?
 
  Thanks
  Sachin
 
  -Original Message-
  From: Toli Kuznets [mailto:tkuzn...@marinsoftware.com]
  Sent: Wednesday, August 10, 2011 12:06 PM
  To: ftpserver-users@mina.apache.org
  Subject: Re: Has anybody used any kind of load balancing
 
  Sachin,
 
  We use basic load round-robin load balancing via a separate hardware
  LB, and our ftpserver instances point to a shared NFS.
  works pretty well for us - we just have 2 separate instances running
  on 2 separate physical machines.
 
  so yes, we've done that, but it probably doesn't answer your use case
  since it's a trivially simple load-balancing example...
 
  On Tue, Aug 9, 2011 at 11:07 PM, Sachin Shetty sshe...@egnyte.com
 wrote:
  Hi All,
 
 
 
  Has anybody used any kind of load balancing with apache ftp server?
 
 
 
  Thanks
 
  Sachin
 
 
 
 

Re: Has anybody used any kind of load balancing

[David Latorre]

Wow, my English sucks... Among others, I meant   I think this is not really
FTPServer-related so


2011/8/12 David Latorre dvl...@gmail.com

 As Toli said, I don't think this is not really FTPServer-related so, in
 case you don't get a response, I would try a more specific forum about
 LBs.Anyway, in a scenario like the one Toli described, FTPServer should need
 no configuration changes at all- you just have to make sure that your LB is
 routing the data connections to the appropriate host ( if you sticked to
 active mode, with the data connections being initiated  by the FTP server
 itself, i think  you wouldn't need any special configuration in the LB, but
 it should be easy to configure your LB to serve ftp connections correctly).




 2011/8/10 Toli Kuznets tkuzn...@marinsoftware.com

 Sachin,

 I didn't personally setup the LB so unfortunately i can't give you a
 detailed answer. I believe that LBs support some stickiness per
 session, so once a connection is established from a given incoming IP
 it's always routed to the same target server.

 You are better off asking around in network-admin forums on how to set
 that up

 sorry i couldn't be of more help.

 On Wed, Aug 10, 2011 at 2:45 AM, Sachin Shetty sshe...@egnyte.com
 wrote:
  Hi Toli,
 
  There should be some more config changes due to the dual port nature of
 the
  protocol right? How do you handle all the data connections on your lb
 and
  make sure they are sent to the same ftp server?
 
  Thanks
  Sachin
 
  -Original Message-
  From: Toli Kuznets [mailto:tkuzn...@marinsoftware.com]
  Sent: Wednesday, August 10, 2011 12:06 PM
  To: ftpserver-users@mina.apache.org
  Subject: Re: Has anybody used any kind of load balancing
 
  Sachin,
 
  We use basic load round-robin load balancing via a separate hardware
  LB, and our ftpserver instances point to a shared NFS.
  works pretty well for us - we just have 2 separate instances running
  on 2 separate physical machines.
 
  so yes, we've done that, but it probably doesn't answer your use case
  since it's a trivially simple load-balancing example...
 
  On Tue, Aug 9, 2011 at 11:07 PM, Sachin Shetty sshe...@egnyte.com
 wrote:
  Hi All,
 
 
 
  Has anybody used any kind of load balancing with apache ftp server?
 
 
 
  Thanks
 
  Sachin
 
 
 
 

Re: Ftplet

[David Latorre]

Hello Alexandre,

With the current ftplet implementation this is not possible. but you can
provide your own STOR/STOU implementation that handles this.  We did have
this very same need and  I just copied the whole source code of the STOR
command and added an invocation to the FTPLet method (so, this method in the
FTPlet must not be called from  afterCommand, but manually by you).


We didn't include such a feature in the roadmap - some of the commands
(STOR, STOU, and probably USER/PASS) would benefit from such a feature but
 there are other ways to achieve the same results right now (although they
can be considered more intrusive).


Cheers,

David



2011/8/4 Alexandre Grunt alexandre.gr...@gmail.com

 Hi,

 I created my own class Ftplet to trigger processing after a file reception
 (STOR or STOU command).I want that if processing fails, the client is
 informed of the sending failed by 4xx ftp code.
 Is it possible? If not, the Apache Ftp Server Roadmap provides it?

 Regards,

 Mr GRUNT

Re: Problems with SSL

[David Latorre]

Hello,

 What does your log say?



2011/7/28 Fabio Melo fabio.f...@gmail.com

 Hi All,

 I'm facing some problem while coding a server server using Apache FTP
 server.

 I'm using the code bellow to create a FTP server (MyFTPServer), when a run
 this piece of code I'm not able to connect through a FTP client such as
 Filezilla, WinSCP and My own FTP client into my ftp server.

 There is also bellow My FTP Client which represent my FTP Client code for
 connect.

 Does any body knows what I am doing wrong?

 Thanks in advance

    MyFTPServer=
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.OutputStream;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;

 import org.apache.ftpserver.FtpServer;
 import org.apache.ftpserver.FtpServerFactory;
 import org.apache.ftpserver.ftplet.Authority;
 import org.apache.ftpserver.ftplet.DataConnection;
 import org.apache.ftpserver.ftplet.DefaultFtpReply;
 import org.apache.ftpserver.ftplet.DefaultFtplet;
 import org.apache.ftpserver.ftplet.FtpException;
 import org.apache.ftpserver.ftplet.FtpReply;
 import org.apache.ftpserver.ftplet.FtpRequest;
 import org.apache.ftpserver.ftplet.FtpSession;
 import org.apache.ftpserver.ftplet.Ftplet;
 import org.apache.ftpserver.ftplet.FtpletResult;
 import org.apache.ftpserver.ftplet.UserManager;
 import org.apache.ftpserver.impl.LocalizedFtpReply;
 import org.apache.ftpserver.listener.ListenerFactory;
 import org.apache.ftpserver.ssl.SslConfigurationFactory;
 import org.apache.ftpserver.usermanager.PropertiesUserManagerFactory;
 import org.apache.ftpserver.usermanager.SaltedPasswordEncryptor;
 import org.apache.ftpserver.usermanager.impl.BaseUser;
 import org.apache.ftpserver.usermanager.impl.WritePermission;

 public class FTPServerTest extends DefaultFtplet {
 public FTPServerTest() {
  try {
 FtpServerFactory serverFactory = new FtpServerFactory();
  PropertiesUserManagerFactory userManagerFactory = new
 PropertiesUserManagerFactory();
  ListenerFactory factory = new ListenerFactory();
 factory.setPort(2221);
  userManagerFactory.setFile(new File(myusers.properties));
 userManagerFactory.setPasswordEncryptor(new SaltedPasswordEncryptor());
  UserManager um = userManagerFactory.createUserManager();
 BaseUser user = new BaseUser();
  // define SSL configuration
 SslConfigurationFactory ssl = new SslConfigurationFactory();
  ssl.setKeystoreFile(new File(ftpserver.jks));
 ssl.setKeystorePassword(password);
  // set the SSL configuration for the listener
 factory.setSslConfiguration(ssl.createSslConfiguration());
  factory.setImplicitSsl(false);
  ListAuthority authorities = new ArrayListAuthority();
  authorities.add(new WritePermission());
 user.setAuthorities(authorities);
  user.setName(myNewUser);
 user.setPassword(secret);
  um.save(user);
 serverFactory.setUserManager(um);
  serverFactory.addListener(default, factory.createListener());
 HashMapString, Ftplet ftplets = new HashMapString, Ftplet(0);
  ftplets.put(DEFAULT, this);
 serverFactory.setFtplets(ftplets);
  // start the server
 FtpServer server = serverFactory.createServer();
 server.start();

 } catch (FtpException e) {
 e.printStackTrace();
 }
  }

 public static void main(String[] args) {
 new FTPServerTest();
  }

 @Override
 public FtpletResult onConnect(FtpSession session) throws FtpException,
  IOException {
 System.out.println(onConnect);
 return super.onConnect(session);
  }

 @Override
 public FtpletResult onLogin(FtpSession session, FtpRequest request)
  throws FtpException, IOException {
 System.out.println(onLogin);
  return super.onLogin(session, request);
 }
  @Override
 public FtpletResult onUploadStart(FtpSession session, FtpRequest request)
 throws FtpException, IOException {
  String requestedFile = request.getArgument();

OutputStream in =  new FileOutputStream(requestedFile);


// open data connection
DataConnection out = null;
session.write(new DefaultFtpReply(150, Getting data connection.));
try {
out = session.getDataConnection().openConnection();
} catch (Exception ex) {
System.out.println(Exception);
}
if (out == null) {
System.out.println(onUpload - out null);
return FtpletResult.SKIP;
}

// transfer data
try {


out.transferFromClient(session,in);
} finally {
session.write(new DefaultFtpReply(226, Transfer Complete.));
session.getDataConnection().closeDataConnection();
in.close();
}
System.out.println(onUpload -  end);
return FtpletResult.SKIP;
}
  @Override
 public FtpletResult onUploadEnd(FtpSession session, FtpRequest request){
  System.out.println(fim do up);
 return FtpletResult.DEFAULT;
  }
 }

 My FTP
 Client

 import java.io.FileInputStream;
 

OutOfMemoryError - GC overhead limit exceeded

[David Latorre]

Hey guys,


 This weekend our ftpserver implementation (which we recently switched from
a web-based application to a standalone app launched using  ftpd.sh  from
the distro but using some 'company standard' memory options)  threw the
exception in the title:

OutOfMemoryError - GC overhead limit exceeded


Funny thing is that we don't have any traffic on weekends except for an
automated tool that connects every 5 minutes to get sure everything is
working fine... so I can hear these words out loud:
MEMORY LEAK.


FTPServer is launched like this:
-server -Xms256m -Xmx256m -XX:+UseParallelOldGC -XX:+UseAdaptiveSizePolicy
-XX:+UseBiasedLocking -XX:+EliminateLocks -XX:+AggressiveOpts


Have any of you experienced this exception or any other memory-related one?
 What heap sizes are you using? In my test, I never needed more than 100mb
 but after a couple of weeks it seems this is no longer true.


*I'm pretty sure our code is not causing the possible leak - I would tend to
point at MINA for this... what do you think, Niklas? It seems they are still
using M4.

Re: [proftpd] Re: Re: ftplet not being called

[David Latorre]

Hello Allen,

 I would need some more info for this, e.g.,

 1) Are the clients using FTP or FTPS?

 2) Are they using a 'publicly available' FTP client? which one?

 3) Is it possible that you're capturing some exceptions silently?

 If I understand you correctly, FTPServer itself has logging
disabled; is it so?  First option here is that you ask your client if
they have any logs of the file transfer...
Otherwise, I don't find it easy to find your problem... Maybe you can
try to obtain finer grained logging in FTPServer by using an
implementation  that allows Filters to be specified so you don't have
to turn on all the logging output if you're worried about  system
performance (I don't actually know if there's reason to worry).






2011/6/8 Allen Firstenberg prof...@addventure.com:
 On Wed, Jun 8, 2011 at 5:44 AM, Niklas Gustavsson nik...@protocol7.comwrote:


 Which exact log statement is it that you were expecting? From
 FtpLoggingFilter?

 What logging provider are you using? Assuming this is a race
 condition, it could be both in FtpServer, slf4j and the logging
 provider.


 The logging in this case isn't code level logging, it is command/transfer
 logging.  It is an ftplet that can be configured to log various attributes
 from an FtpSession, FtpRequest, and/or FtpReply.  It is intended for xferlog
 and similar logging capabilities.  We've mentioned this in the past as
 something we're working on and that we intend to release to the project when
 we feel its ready for prime time.

 In this case, log messages are saved to a file during both beforeCommand()
 and afterCommand() in several different ftplets.  In order for it to be a
 race condition, these would have had to fail multiple times - and just for
 this particular instance.  I can't rule it out, of course, but it seems
 unlikely.

 Allen

Re: Supporting CCC (Clear Command Channel) command

[David Latorre]

2011/4/19 sebb seb...@gmail.com:
 On 19 April 2011 14:46, Sai Pullabhotla sai.pullabho...@jmethods.com wrote:
 I was trying it with one of our own home grown client API and with
 Apache Commons-net. The current release of commons-net is broken, but
 there is a patch that was submitted, which is in the trunk. With the
 trunk code of commons-net, it works once in a while (one out of 4
 times). The rest of the times, it thinks that it received a bad ftp
 reply (most probably because of timing issue, and the fact that the
 MINA code sends the TLS_CLOSE signal). Looks like the TLS close signal
 is becoming part of the reply to the command that was sent right after
 CCC.

 What is the exact error message?

 Our home grown API also runs into the same issue because of the TLS_CLOSE.

I do believe that TLS_CLOSE signal is the expected behaviour. RFC4217
states that:
 Otherwise, the server is accepting the CCC command and should do
  the following:

 o  Send a 200 reply.

 o  Shutdown the TLS session on the socket and leave it open.

I'm trusting here this link that explains ssl shutdown:
http://linux.die.net/man/3/ssl_shutdown

So, I guess that close notify is the way to go and if that's the only
reason to fail, it's the client which is broken.

This said, Sun Java SSL implementation seems more restrictive than
others. I found an issue with WinSCP where , for some file sizes
(when you're using a block cipher for the encryption of the secure FTP
data connection - which I think is most often the case in SSL
connections), the TLS_CLOSE message gets truncated.
This is a bug in WinSCP, of course, but it caused Mina FTPServer to
abort the transfer (when the file has been already received!)  whilst
other servers completely ignored the fact that the TLS_CLOSE message
was incorrect.

So I would only implement CCC if I was sure that most clients that
support this command can interact seamlessly with FTPServer, to my
mind it's not that useful a feature if it means  we can end up with
unexpected (and 'superflous') connection losses.


 At this point, I am trying to figure out the correct procedure to
 unwrap/unprotect an SSLSocket into a plain socket and who should
 initiate the TLS_CLOSE, and if it is really needed.

 Can you attach your current code as a JIRA patch, and then I can try
 with Commons Net?

 I'm hoping to release Net 3.0 soon, and if there are issues with CCC
 it would be nice to sort those first.

Oh, that's great news. I just reviewed a few changes I had to include
in the codebase and I think all of them are included - even better!


 Maybe between us we can fix ftpserver and net ...

 Sai Pullabhotla



 On Tue, Apr 19, 2011 at 8:23 AM, sebb seb...@gmail.com wrote:
 On 19 April 2011 13:47, Sai Pullabhotla sai.pullabho...@jmethods.com 
 wrote:
 Has any one tried to implement the CCC command in FTPS? I've been
 trying to do this, but having issues. I was wondering if any one has a
 better knowledge of what should be done to unprotect the control
 channel.

 Here is what I've tried:

 1. Added an implementation class for CCC, and registered it with the 
 factory
 2. Server receives the CCC command from the client
 3. Server sends a positive reply back to the client, and waits for the
 message to be sent using the await() method on the future. This should
 ensure that the reply to CCC is still sent over the encrypted channel.
 4. Server removes the SslFilter from the filter chain of the session

 In theory (according to my understanding) this should do the trick,
 but I'm seeing different results with different clients. I could not
 get it to work consistently with any client.

 I noticed that the MINA code does send a TLS_CLOSE message to the
 client when the SslFilter is removed (from the onPreRemoveFilter
 method). Is this needed on the server or should the client initiate
 the TLS_CLOSE sequence, by closing the SSLSocket (without closing the
 underlying socket)?

 Does SSL (SSL v2 for example) also have a special close sequence like
 the TLS does?

 I appreciate any feedback, pointers on how to get this to work.

 It would be great if you could get this to work!
 There don't seem to be many ftp servers that support CCC.

 What results are you seeing, and what clients are you using?

Re: Determine hostname from a custom UserManager

[David Latorre]

 We are also using this user_Domain  as a workaround but in case of
Dan question, he only need to know what is the server name to which
FTPserver is deployed... I would have it in my config  file and pass
it as an argument to your  custom UserManager.

  If you don't want to depend on  properties, I guess you can also
call InetAddress.getLocalHost()

Cheers,

 David

2011/3/25 Brad McEvoy mina...@bradmcevoy.com:
 Hi Daniel,

 I don't think there is any equivalent because FTP doesnt have the
 equivalent of the HTTP host header.

 But i've had the same with the milton FTP/Webdav connector (see
 http://milton.ettrema.com), and my solution is to allow users to enter a
 user name which includes the domain name in the form user#domain.com.

 I'd be interested to see if anyone knows of any better options.

 Cheers,
 Brad

 On Fri, 25 Mar 2011 14:48 -0400, Daniel Cane
 daniel.c...@modernizingmedicine.com wrote:
 Greetings all. I’m developing a custom userManager and have impl all
 wired
 up. My question is from inside the authenticate() method I need to know
 the
 equivalent of request.getServerName() in order to correctly associate
 which
 domain the user is in. We partition our data by servername so that use a
 user myusername FTPing to foo.myserver.com would be different from
 myusername FTPing to bar.myserver.com. Basically, I just need the URL
 prefix. Any thoughts as to how I might be able to get that info?



 I see that an Ftplet has access to session, but don’t see how to get at
 this
 frim the authenticate method location.



 Thanks in advance!



 Dan

 --
  Brad McEvoy
  b...@bradmcevoy.com

Re: FTPlet entrySet: Sort order for multiple active FTPlets?

[David Latorre]

If you read the case that sai himself opened, you'll see that the
Spring config generates a subclass of LinkedHashMap which is enough to
preserve order of execution.

So, for theI users wiring the server via Spring there's no need to
specify a Map version.  For embedders invoking the API methos
directly, I agree with Niklas that we shouldn't force them to use
LinkedHashMap (what if they want to use a SortedMap?) or any other map
implementation, execution order here is the responsability of the
user, not ours.

This said, Sai has a valid point when he speaks about predictability
and I could be led to agree with him  if he still insisted on that
option. But, if javadoc is OK I don't think this change is really
needed, and would mean breaking our API so it would be available just
for the 'trunk' version.


2011/3/18 Christian Gosch christian.go...@inovex.de:
 Hmm...

 To refer to the closed issue, it would be helpful if the example Spring
 configuration named config-full.xml would contain a ftplets element
 which *does* define a Map type to use -- but I cannot see anything like
 this inside this file (see the attached files, as of v1.0.5,
 2010-SEP-26, 6:24PM).


 --cg

 -Original Message-
 From: Sai Pullabhotla [mailto:sai.pullabho...@jmethods.com]
 Sent: Friday, March 18, 2011 2:09 PM
 To: ftpserver-users@mina.apache.org
 Subject: Re: FTPlet entrySet: Sort order for multiple active FTPlets?

 Well... there was a open case about this, which is now closed...

 https://issues.apache.org/jira/browse/FTPSERVER-223

 Are you sure this is still an issue?

 On Fri, Mar 18, 2011 at 7:46 AM, Christian Gosch
 christian.go...@inovex.de wrote:
  Hi,
 
  I just looked at the implementation of
  DefaultFtpletContainer.onConnect() and saw that it processes all
  contained (registered) Ftplets by traversing the (concurrent hash)
 map
  of declared Ftplets, just as onDisconnect().
 
  But it does so based on the ftplets.entrySet() and the sort order
 which
  it imposes on the entry set, which in turn is undefined in that it
  does not guarantee any special sort order.
 
  Why is the concurrent map ftplets not implemented as a map with a
  reliable sort order depending on the key values?
 
  It may be good practice to have every registered Ftplet act
  independently of any other in the same container, but there may be
 good
  reasons to have an ordered sequence, may be by order of declaration,
 or
  by order of key or whatever may be appropriate.
 
  Is there a special rationale behind this?
 
 
  btw: I did not yet find any time to play around with this really :-(
 
 
  Regards,
  --
  Dipl.-Inform. Christian Gosch, PMI PMP
  Systems Architecture, Project Management
 
  inovex GmbH
  Büro Pforzheim
  Karlsruher Strasse 71
  D-75179 Pforzheim
  Tel: +49 (0)7231 3191-85
  Fax: +49 (0)7231 3191-91
  c.go...@inovex.de
  www.inovex.de
 
  Sitz der Gesellschaft: Pforzheim
  AG Mannheim, HRB 502126
  Geschäftsführer: Stephan Müller
 
 
 
 

 !DSPAM:4d83598117594243614118!

Re: Get the stream file

[David Latorre]

I agree with nilkas here for your use case. Still, are you sure you
don't need to store the file? I think there are a number of reasons,
mainly traceability, for you to keep those files as 'a backup' or in
case the file cannot be parsed.  I would rather have a copy of the
file that failed so I can check what the problem was.


Cheers,

 David


2011/3/3 Niklas Gustavsson nik...@protocol7.com:
 On Wed, Mar 2, 2011 at 8:03 PM, Pierre-Luc Pineault
 pino_...@hotmail.com wrote:
 All I want is to parse a text file send by a user without storing the file 
 on the server. So, I see this is possible to get the data input stream from 
 request by Ftplet onUploadStart(session, request). So, I want to get the 
 stream and parse each line to store the data in a database.
 For the momment i am working with onUploadEnd() and I delete the file once 
 parsed. But, the best way for us is to parse.

 While you probably can solve this from an Ftplet, I would recommend
 looking into writing a custom filesystem for this purpose.

 /niklas

Re: Is there a way to access the FtpSession.lastReply in the handleOnClose() call?

[David Latorre]

Hello Toli,

 why don't you set your ftpet to be run after STOR (and STOU...)
command? In the old way  this was the method onUploadEnd().


2011/2/12 Toli Kuznets tkuzn...@marinsoftware.com:
 Hi,

 I have a custom FtpLet and I wan to kick off a job on file upload, so
 i override the handleOnClose() call.

 I'm running into a situation where when my users use SSIS (scary
 Microsoft product) to send files over FTP, they are not able to
 establish a data connection to my server (separate problem), there's
 an internal exception in STOR.execute() but I still get a callback in
 onHandleClose()

 However, when I get the callback, it's impossible for me to tell the
 difference between a successful upload or a callback after an
 exception when there was no physical file placed on disk.

 Looking in the debugger, I notice that the incoming FtpSession is
 actually a DefaultFtpSession that has an FtpIoSession that has a
 getLatReply() method that can return me something useful
 (REPLY_425_CANT_OPEN_DATA_CONNECTION in my case).
 However, getting to lastReply is not exposed.

 is there a better way to tell if handleOnClose() is being called on
 success or failure? How can i tell those 2 situations apart?

 My server is setup with all defaults for connections - in this case,
 the connection is coming in as ACTIVE and for some reason i get an
 exception when opening data connection, so i want to catch that case
 and not kick of an event in handleOnClose()

 This is on FtpServer-1.0.5, and the relevant stacktrace from the call
 to handleOnClose() after the failed open of data connection is:
        at 
 com.marin.plugin.ftpserver.FileUploadNotifierFtplet.onUploadEnd(FileUploadNotifierFtplet.java:70)
        at 
 org.apache.ftpserver.ftplet.DefaultFtplet.afterCommand(DefaultFtplet.java:89)
        at 
 org.apache.ftpserver.ftpletcontainer.impl.DefaultFtpletContainer.afterCommand(DefaultFtpletContainer.java:144)
        at 
 org.apache.ftpserver.impl.DefaultFtpHandler.messageReceived(DefaultFtpHandler.java:220)

 The unable to open data connection is below if it helps:
 11 Feb 2011 16:15:30,977 DEBUG [pool-5-thread-1]
 nativefs.impl.NativeFtpFile (NativeFtpFile.java:212) - Checking if
 file exists
 11 Feb 2011 16:15:30,977 DEBUG [pool-5-thread-1]
 nativefs.impl.NativeFtpFile (NativeFtpFile.java:218) - Authorized
 11 Feb 2011 16:16:45,931 DEBUG [pool-5-thread-1] command.impl.STOR
 (STOR.java:134) - Exception getting the input data stream
 java.net.ConnectException: Operation timed out
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
        at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
        at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:432)
        at java.net.Socket.connect(Socket.java:529)
        at java.net.Socket.connect(Socket.java:478)
        at 
 org.apache.ftpserver.impl.IODataConnectionFactory.createDataSocket(IODataConnectionFactory.java:314)
        at 
 org.apache.ftpserver.impl.IODataConnectionFactory.openConnection(IODataConnectionFactory.java:259)
        at org.apache.ftpserver.command.impl.STOR.execute(STOR.java:132)
        at 
 org.apache.ftpserver.impl.DefaultFtpHandler.messageReceived(DefaultFtpHandler.java:210)

 This is very reproducible, so i can provide any other information that
 may be helpful.

 I'm seeing similar behaviour directly from Windows FTP command-line shell.

 all other use cases (from Mac, from Windows FileZilla, etc work just fine)

 thanks!

Re: Is there a way to access the FtpSession.lastReply in the handleOnClose() call?

[David Latorre]

Uh, I see that's what you did :)



2011/2/14 David Latorre dvl...@gmail.com:
 Hello Toli,

  why don't you set your ftpet to be run after STOR (and STOU...)
 command? In the old way  this was the method onUploadEnd().


 2011/2/12 Toli Kuznets tkuzn...@marinsoftware.com:
 Hi,

 I have a custom FtpLet and I wan to kick off a job on file upload, so
 i override the handleOnClose() call.

 I'm running into a situation where when my users use SSIS (scary
 Microsoft product) to send files over FTP, they are not able to
 establish a data connection to my server (separate problem), there's
 an internal exception in STOR.execute() but I still get a callback in
 onHandleClose()

 However, when I get the callback, it's impossible for me to tell the
 difference between a successful upload or a callback after an
 exception when there was no physical file placed on disk.

 Looking in the debugger, I notice that the incoming FtpSession is
 actually a DefaultFtpSession that has an FtpIoSession that has a
 getLatReply() method that can return me something useful
 (REPLY_425_CANT_OPEN_DATA_CONNECTION in my case).
 However, getting to lastReply is not exposed.

 is there a better way to tell if handleOnClose() is being called on
 success or failure? How can i tell those 2 situations apart?

 My server is setup with all defaults for connections - in this case,
 the connection is coming in as ACTIVE and for some reason i get an
 exception when opening data connection, so i want to catch that case
 and not kick of an event in handleOnClose()

 This is on FtpServer-1.0.5, and the relevant stacktrace from the call
 to handleOnClose() after the failed open of data connection is:
        at 
 com.marin.plugin.ftpserver.FileUploadNotifierFtplet.onUploadEnd(FileUploadNotifierFtplet.java:70)
        at 
 org.apache.ftpserver.ftplet.DefaultFtplet.afterCommand(DefaultFtplet.java:89)
        at 
 org.apache.ftpserver.ftpletcontainer.impl.DefaultFtpletContainer.afterCommand(DefaultFtpletContainer.java:144)
        at 
 org.apache.ftpserver.impl.DefaultFtpHandler.messageReceived(DefaultFtpHandler.java:220)

 The unable to open data connection is below if it helps:
 11 Feb 2011 16:15:30,977 DEBUG [pool-5-thread-1]
 nativefs.impl.NativeFtpFile (NativeFtpFile.java:212) - Checking if
 file exists
 11 Feb 2011 16:15:30,977 DEBUG [pool-5-thread-1]
 nativefs.impl.NativeFtpFile (NativeFtpFile.java:218) - Authorized
 11 Feb 2011 16:16:45,931 DEBUG [pool-5-thread-1] command.impl.STOR
 (STOR.java:134) - Exception getting the input data stream
 java.net.ConnectException: Operation timed out
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
        at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
        at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:432)
        at java.net.Socket.connect(Socket.java:529)
        at java.net.Socket.connect(Socket.java:478)
        at 
 org.apache.ftpserver.impl.IODataConnectionFactory.createDataSocket(IODataConnectionFactory.java:314)
        at 
 org.apache.ftpserver.impl.IODataConnectionFactory.openConnection(IODataConnectionFactory.java:259)
        at org.apache.ftpserver.command.impl.STOR.execute(STOR.java:132)
        at 
 org.apache.ftpserver.impl.DefaultFtpHandler.messageReceived(DefaultFtpHandler.java:210)

 This is very reproducible, so i can provide any other information that
 may be helpful.

 I'm seeing similar behaviour directly from Windows FTP command-line shell.

 all other use cases (from Mac, from Windows FileZilla, etc work just fine)

 thanks!

Re: 502 Command ALLO not implemented.

[David Latorre]

Hello Nguyen,

 Your problem is not the response to the ALLO command but that your
client is unable to connect to 10.2.177.137
One possibility is that the IP is correct but a firewall is rejecting
the connections.
But 10.2.177.137 is not an internet address which is what you probably
want; this is a typical case which we have addressed in MINA using the
external-address property, you may need to define it as in this
example:

data-connection idle-timeout=120 implicit-ssl=false
active enabled=true local-port=16001 ip-check=false/
passive ports=19000-19900
address=10.2.177.137 external-address=PUBLICIP/
/data-connection
 /nio-listener

PUBLICIP can be  an ip address in the x.x.x.x  format or a hostname.


Make sure the ports are reachable and no firewall is in your way :)



2011/1/13 Nguyen Hai Nam nam...@nd24.net:
 Hello,

 I'm trying to deliver backup file from my cpanel (v.11) hosting to my
 ftp server. I've just configured typical setting only.

 But it had this error: 502 Command ALLO not implemented.

 Net::FTP Net::FTP(2.77)
 Net::FTP   Exporter(5.58)
 Net::FTP   Net::Cmd(2.29)
 Net::FTP   IO::Socket::INET(1.29)
 Net::FTP     IO::Socket(1.29)
 Net::FTP       IO::Handle(1.25)
 Net::FTP=GLOB(0x863ce10) 220 Service ready for new user.
 Net::FTP=GLOB(0x863ce10) USER cdn
 Net::FTP=GLOB(0x863ce10) 331 User name okay, need password for cdn.
 Net::FTP=GLOB(0x863ce10) PASS 
 Net::FTP=GLOB(0x863ce10) 230 User logged in, proceed.
 Net::FTP=GLOB(0x863ce10) TYPE I
 Net::FTP=GLOB(0x863ce10) 200 Command TYPE okay.
 Net::FTP=GLOB(0x863ce10) CWD /
 Net::FTP=GLOB(0x863ce10) 250 Directory changed to /
 Net::FTP=GLOB(0x863ce10) ALLO 239590440
 Net::FTP=GLOB(0x863ce10) 502 Command ALLO not implemented.
 Net::FTP=GLOB(0x863ce10) PASV
 Net::FTP=GLOB(0x863ce10) 227 Entering Passive Mode (10,2,177,137,6,37)
 Net::FTP=GLOB(0x863ce10) STOR backup-1.13.2011_14-56-28.tar.gz
 Net::FTP=GLOB(0x863ce10) 150 File status okay; about to open data 
 connection.
 Net::FTP=GLOB(0x863ce10) QUIT
 Net::FTP=GLOB(0x863ce10) 425 Can't open data connection.

 Would you please help to find the solution for this problem?

 Thanks and best regards,

 --
 Best regards,
 Hai Nam, Nguyen

Re: Connection errors

[David Latorre]

I don't have the time to look into this with detail right now but are
you sure it's not the client side the one which is closing the
connection?

2010/12/10 Danilo Rosetto Muñoz munozdan...@gmail.com:
 Hi all,

 I'm getting to many errors on my ftp server. The scenario is:

   - I have ftp server embedded on my app
   - I have about 50 connections:
      - Its about 15 ~ 30 computers
      - Its about 2 ~ 3 connections per IP
   - Config (server):
      - maxlogins= 400
      - maxthreads = 20
   - Config (user):
      - idletime = 1200
      - maxloginnumber = 0
      - maxloginperip = 0
   - The error occurs to any of computers. I mean, it doesnt occur for an
   specific IP
   - The network is stable (FO)

 I dont know if I can post log here because the email size ... I dont, please
 let me know.

 This is the log:

 2010-12-10 11:50:32,088 pool-3-thread-8  WARN FtpLoggingFilter:122 [
 172.18.0.22:2479] - EXCEPTION :

 java.io.IOException: Connection reset by peer

 at sun.nio.ch.FileDispatcher.read0(Native Method)

 at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39)

 at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:251)

 at sun.nio.ch.IOUtil.read(IOUtil.java:224)

 at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:254)

 at
 org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:202)

 at
 org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:42)

 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:620)

 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:598)

 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:587)

 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractPollingIoProcessor.java:61)

 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:969)

 at
 org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)

 at
 java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)

 at
 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)

 at java.lang.Thread.run(Thread.java:636)

 2010-12-10 11:50:32,089 pool-3-thread-8 ERROR DefaultFtpHandler:156 [
 172.18.0.22:2479] - Exception caught, closing session

 java.io.IOException: Connection reset by peer

 at sun.nio.ch.FileDispatcher.read0(Native Method)

 at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39)

 at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:251)

 at sun.nio.ch.IOUtil.read(IOUtil.java:224)

 at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:254)

 at
 org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:202)

 at
 org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:42)

 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:620)

 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:598)

 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:587)

 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractPollingIoProcessor.java:61)

 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:969)

 at
 org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)

 at
 java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)

 at
 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)

 at java.lang.Thread.run(Thread.java:636)


 And this:

 2010-12-10 11:55:17,885 pool-3-thread-10  WARN FtpLoggingFilter:122 [
 172.18.0.13:4485] - EXCEPTION :

 org.apache.mina.core.write.WriteToClosedSessionException

 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor.clearWriteRequestQueue(AbstractPollingIoProcessor.java:573)

 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor.removeNow(AbstractPollingIoProcessor.java:534)

 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor.removeSessions(AbstractPollingIoProcessor.java:497)

 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:61)

 at
 org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:974)

 at
 org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)

 at
 java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)

 at
 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)

 at java.lang.Thread.run(Thread.java:636)

 2010-12-10 11:55:17,885 pool-3-thread-10  WARN DefaultFtpHandler:151 [
 172.18.0.13:4485] - Client closed connection before all replies could be
 sent, last reply was HeapBuffer[pos=0 lim=14 cap=14: 32 

Re: Error when setting file type

[David Latorre]

Do you have the server log and ftpclient output? I mean the output
you get if you do something like this:
 client.addProtocolCommandListener(new PrintCommandListener(new
PrintWriter(System.out)));

The active/passive mode settings are per connection (session) so I
don't think this may be the problem.

2010/11/12 Aidan Diffey aidan.dif...@gmail.com:
 Hello.

 I have an embedded FTP server running inside JBoss that receives input from
 40 concurrent FTP clients. I am using apache commons.net FTPS client to send
 the data.

 Each of these FTP Clients sends both ASCII and Binary data randomly (well,
 sort of) but I am getting a recurring exception:


 2010-11-11 18:06:27,714 ERROR [className]
 org.apache.commons.net.ftp.FTPConnectionClosedException: Connection closed
 without indication.
    at org.apache.commons.net.ftp.FTP.__getReply(FTP.java:297)
    at org.apache.commons.net.ftp.FTP.sendCommand(FTP.java:490)
    at
 org.apache.commons.net.ftp.FTPSClient.sendCommand(FTPSClient.java:465)
    at org.apache.commons.net.ftp.FTP.sendCommand(FTP.java:534)
    at org.apache.commons.net.ftp.FTP.type(FTP.java:934)
    at org.apache.commons.net.ftp.FTPClient.setFileType(FTPClient.java:965)
 

 This appears to be happening when the setFileType is being called as each
 client needs to set the fileType before sending its data.

 So, client 1 could be sending binary data, and set file type = Binary, but
 at the same time, client 2 could be sending ASCII data and setting file type
 to ASCII.

 Is there a potential problem with FTPServer, or should I be looking into the
 Apache FTP client.

 Regards

RE: Logging level

[David Latorre]

Those are logginf frameworks that can be used with FTPServer, which logging
framekwork are you using?


-Mensaje original-
De: Danilo Rosetto Muñoz [mailto:munozdan...@gmail.com] 
Enviado el: lunes, 08 de noviembre de 2010 17:43
Para: ftpserver-users@mina.apache.org
Asunto: Re: Logging level

David,

Sorry, but what do you mean with log4j/jul/logback ?

Thank you!



On Mon, Nov 8, 2010 at 2:14 PM, David Latorre dvl...@gmail.com wrote:

 Hello Danilo,

  You can set the log levels individually according to the logger name
 (which usually is equal to the name of the class that instantiated the
 logger) . Something like this should be possible:

  com.your.enterpise.yourapp = DEBUG
  org.apache.ftpserver = ERROR


 See the log4j/jul/logback documentation for the specific syntax for
 your logging package.


 2010/11/8 Danilo Rosetto Muñoz munozdan...@gmail.com:
  Hi,
 
  I checked http://mina.apache.org/ftpserver/logging.html page. So once
 the
  log is configured through properties file, I believe that its impossible
 set
  some filter like we have in XML configuration log files.
 
  The problem is that I am embedding FTP server on my app and I get too
 many
  logging from FTP. I wouldn´t like to set up my app logging level. So,
 lets
  summarize my question: How to separate my app and FTP server logging?
May
 I
  do that at run time?
 
  Thanks a lot,
 
  --
  Danilo Rosetto Muñoz
  munozdan...@gmail.com
  http://munozdanilo.googlepages.com
 




-- 
Danilo Rosetto Muñoz
munozdan...@gmail.com
http://munozdanilo.googlepages.com

Re: Logging level

[David Latorre]

Hello Danilo,

 You can set the log levels individually according to the logger name
(which usually is equal to the name of the class that instantiated the
logger) . Something like this should be possible:

 com.your.enterpise.yourapp = DEBUG
 org.apache.ftpserver = ERROR


See the log4j/jul/logback documentation for the specific syntax for
your logging package.


2010/11/8 Danilo Rosetto Muñoz munozdan...@gmail.com:
 Hi,

 I checked http://mina.apache.org/ftpserver/logging.html page. So once the
 log is configured through properties file, I believe that its impossible set
 some filter like we have in XML configuration log files.

 The problem is that I am embedding FTP server on my app and I get too many
 logging from FTP. I wouldn´t like to set up my app logging level. So, lets
 summarize my question: How to separate my app and FTP server logging? May I
 do that at run time?

 Thanks a lot,

 --
 Danilo Rosetto Muñoz
 munozdan...@gmail.com
 http://munozdanilo.googlepages.com

Re: localhost is working, machine name does not

[David Latorre]

Hello Oleg,

Just remove the local-address property in the listener configuration
so FTPServer will bind to all the available interfaces.



2010/8/3 Francis De Brabandere franci...@gmail.com:
 I suppose you could try binding to 0.0.0.0 that should bind to all interfaces

 On Tue, Aug 3, 2010 at 2:15 PM, Koyfman, Oleg o...@hp.com wrote:
 Ok, I found the problem. I was passing localhost as a binding address. 
 Once I passed the machine name, I could connect to it from another machine, 
 however, now I can't connect to a localhost. Can I pass few addresses to 
 bind my ftp with?

 Thanks,
 Oleg.

 -Original Message-
 From: Koyfman, Oleg
 Sent: Tuesday, August 03, 2010 2:43 PM
 To: ftpserver-users@mina.apache.org
 Subject: localhost is working, machine name does not

 Hi,

 I am using one of the given examples CommandLine class, and pass it 
 ftpd-typical.xml configuration file. The ftp server is running and I can 
 connect to it from my localhost using the name localhost. But if I try to 
 use it from another machine by its IP or even from the same machine with IP, 
 it fails to connect.
 I suspect, that there is something with IP bindings, but I couldn't find 
 anything like it in the internet.
 Does anybody knows what is the problem?

 Thanks,
 Oleg.




 --
 http://www.somatik.be
 Microsoft gives you windows, Linux gives you the whole house.

Re: [proftpd] Re: diagnosing startup problems

[David Latorre]

Hello Allen,

 You need to call server.start()

Since my knowledge of spring is equal to NIL, I can't help you with
that but I think there is a init-method( and destroy-method)
attribute that can be used in bean declarations in order to control
object lifecycle.



2010/8/3 Allen Firstenberg prof...@addventure.com:
 All I have been doing is including the FtpServer xml configuration as one of
 my servers's configuration files.
 I can confirm that the server object is being created, along with what looks
 like some autowired framework to support it.

 Once the bean is created - is there something specific I need to do to run
 it?  This seems to contradict the documentation which states you can embed
 the server element where ever you like within you Spring configuration,
 and with FtpServer on the classpath, Spring will wire up the server for
 you.

 Allen

 On Tue, Aug 3, 2010 at 7:32 AM, David Latorre dvl...@gmail.com wrote:

 Can you copypaste the code  you are using to start the server?


 2010/8/2 Allen Firstenberg prof...@addventure.com:
  I have been attempting to incorporate FtpServer into a current
 spring-based
  project that I have, and have run into some problems.  Although I have a
  configuration file that works using the stand-alone script, it does not
 seem
  to start a server (or at least does not seem to listen on the designated
  port) when incorporated into my project.  I can see a spring diagnostic
  message saying it is reading the xml file, and that the singletons are
  created - but nothing obvious indicating why it is not listening to the
  port.
 
  Any suggestions for the best way to diagnose startup problems of this
 sort?
 
  Thanks!
  Allen
 

Re: Handling maximum login limit condition

[David Latorre]

Hello Satish,

You can set an idle timeout so clients will be disconnected after this
time as the documentation explains. Killing all the client connections
doesn't sound quite right to me.





2010/7/19 Satish Kaveti satish.kav...@sick.com:
 I am using FtpServer with multiple FTP clients sending JPEG images. The
 FTP clients are multithreaded applications. Occassionally, the FtpServer
 goes into a continuous loop wherein it refuses all new client connections
 with '421 Maximum login limit has been reached' response. It seems that
 for some reason the client is not closing the inactive connection. As I
 have not control over the FTP client code, I am not sure of the real cause
 of the problem. As a temporary fix, at the FtpServer I want to close all
 client connections whenever the login limit is reached. How can I
 implement it ?

 Thanks.

 Satish Kaveti
 Software Engineer

 
 SICK, Inc.
 Automatic Identification Solutions
 
 800 Technology Center Drive
 Suite 6
 Stoughton, MA  02072 USA
 Direct: 781.302.2525
 Phone: 781.302.2500
 Fax: 781.828.3150
 http://www.sickusa.com

Re: keep user files on ftp server always encrypted

[David Latorre]

Hello,
As Frank says, this is easily fixed using your own FileServer
implementation. I made some changes in the Default FileSystem impl. in
order to make this task simpler  by extending NativeFtpFile. In our
case,  we only needed to extend two methods:

public InputStream createInputStream(final long offset) throws
IOException  (  this one would open a decryption stream over the
regular FileInputStream so the users get the plain files back).

public OutputStream createOutputStream(final long offset)  ( this one
would open an Encryption stream over the regular FileOutputStream so
the received files are stored encrypted).


But please, take into account that our solution probably breaks
compatibility with ascii mode, z mode (compression) and  even REST
support - we do not need any of these features.









2010/7/15 Frank van der Kleij kl...@hotmail.com:


 You can easily plug in your own file system via the configuration file.

 In your implementation you can just extend the standard (at least if you
 want to store the files in the local filesystem) and do your encryption and
 decryption.

 Frank


 Date: Wed, 14 Jul 2010 21:49:46 -0400
 Subject: keep user files on ftp server always encrypted
 From: sur...@gmail.com
 To: ftpserver-users@mina.apache.org

 Hi,

 I'm wondering if it's possible to keep user data always encrypted on the ftp
 server in current implementation.

 If not, how much efforts it'll take and can it be prioritized in any other
 way than voting?

 Example:
 When user upload a plain file to ftp - it encrypts file and stores encrypted
 file instead of plain one. And otherwise when download.


 Thanks,
 K.

 _
 New Windows 7: Find the right PC for you. Learn more.
 http://windows.microsoft.com/shop

Re: How do you specify a custom file system?

[David Latorre]

I'm glad you solved your problem!

AFAIK, we  don't have any example of FTPFileSystem  which implements
permissions (be it DB-based or otherwise) so if you were able to
contribute it ( i don't know if as an example or even as an
alternative FileSystem implementation) many of our users would be
thankful!

If you have any other problem with FTPServer or any suggestion to
improve the product, we'll be glad to help :-)

Cheers,


2010/6/2 Toli Kuznets tkuzn...@marinsoftware.com:
 Gentleman,

 I sincerely apologize and withdraw my previous question due to user
 error - I was editing the wrong Spring file, and hence was seeing the
 error. My bad!

 I see that you need to supply the FileSystemFactory to the
 ftp:filesystem setup, and that supplies the User object to the
 FileSystem.

 I think I can work with that, and I probably don't need to set the
 FtpContext

 thank you very much for the great design!

 On Wed, Jun 2, 2010 at 10:48 AM, Toli Kuznets
 tkuzn...@marinsoftware.com wrote:
 Hi,

 I'm trying to specify a custom file system implementation to be users
 when users log in. I want to use one shared directory, and depending
 on user permissions, i'll need to show different set of visible
 directories to them. All the permissions will be coming from a db.

 I've noticed that there's a ftp:filesystem element in the ftp:server
 definition, but i can't seem to get the right Spring syntax to load it
 up.

 I've tried this:

 ftp:server id=ftpServer anon-enabled=false max-anon-logins=-1
   ftp:filesystem
   bean id=filesystem class=com.marin.plugin.MarinFileSystem/
   /ftp:filesystem
 /ftp:server

 However, when i try running it i get the following error:
 BeanDefinitionParsingException: Configuration problem: Cannot locate
 BeanDefinitionParser for element [filesystem]
 Offending resource: class path resource [ftpserver-config.xml]

 What is the correct way to specify the filesystem?

 And a follow up question: How do you specify the FtpServerContext for
 the file system to be used? The FileSystem interface doesn't have any
 user information, and all my directory decisions must b edone based of
 the user that's browsing the file system.  I can crate the
 serverContext and pass it to my file system,but i need to have the
 FtpServer use that context I didn't see any mention of the context
 in the Spring configs.

 thanks.

Re: Embedding ftpserver for unit test

[David Latorre]

Thanks for the help, Andy!

Please note that the current recommended way of creating users is
using org.apache.ftpserver.usermanager.UserFactory if available, this
way you can create users in an OSGI environment.  I just updated the
ManagingUsers example :)


2010/5/23 Marc Esher marc.es...@gmail.com:
 Andy,
  Thanks! Everything is working fine now.

 Regards,

 Marc

 On Sat, May 22, 2010 at 7:56 PM, Andy Thomson a10008...@gmail.com wrote:
 Marc,

 Tried out your code snippet, changed the user file to just
 user.properties so that it would be relative to the where code was
 actually run.  I tested with maven, so I created an empty file called
 user.properties in the same directory as the pom.xml [project root]. I
 made the user home to be /tmp/bin/ftp/tmpHome.

 It worked.  The user home directory was in the /tmp directory. I set the
 permissions to 777 on that tree, and wrote a file via ftp.

 I changed the user home directory to be a relative path, it also worked.
 The user home directory was created in the project root.

 I am suspecting that your problem is that the user.properties did not
 exist. Create it in a known location, just make it an empty file.

 Here is the code:

 public class FtpTest {

    /**
     * @param args the command line arguments
     */
    public static void main(String[] args) throws FtpException {

        FtpServerFactory serverFactory = new FtpServerFactory();

        ListenerFactory factory = new ListenerFactory();
        factory.setPort(2221);
        serverFactory.addListener(default,
                                   factory.createListener());

        FtpServer server = serverFactory.createServer();

        PropertiesUserManagerFactory userFactory =
             new PropertiesUserManagerFactory();
        File userFile = new File(users.properties);
        File userHome = new File(tmp/ftp/tmpHome/);
        userHome.mkdirs();
        userFactory.setFile(userFile);

        UserManager um = userFactory.createUserManager();
        BaseUser user = new BaseUser();
        user.setName(unittest);
        user.setPassword(unittest);
        user.setHomeDirectory(userHome.getAbsolutePath());
        um.save(user);
        System.out.println(user.getHomeDirectory());
        serverFactory.setUserManager(um);
        System.out.println(Arrays.toString(um.getAllUserNames()));
        server.start();
    }
 }

 Andy

 On 05/22/2010 10:47 AM, Marc Esher wrote:
 Greetings all,
   Please pardon what is surely something very simple I'm missing. I
 need to spin up an ftp server solely for the purpose of a unit test,
 and Apache FtpServer seems like exactly what I need. Except... I'm
 having a bit of trouble with the user's permissions and home
 directory.

   The server starts fine, and I can log in with the user I'm creating,
 but the I get a 550 no such directory problem on login. As I said, I
 know this is a complete duh thing, but I can't figure it out.

 Here's my sample code:


 FtpServerFactory factory = new FtpServerFactory();
               FtpServer server = factory.createServer();

               PropertiesUserManagerFactory userFactory = new 
 PropertiesUserManagerFactory();
               File userFile = new File(bin/ftp/users.properties);
               File userHome = new File(bin/ftp/tmpHome/);
               userHome.mkdirs();
               userFactory.setFile(userFile);
               UserManager um = userFactory.createUserManager();

               BaseUser user = new BaseUser();
               user.setName(unittest);
               user.setPassword(unittest);
               user.setHomeDirectory(userHome.getAbsolutePath());//tried both
 relative and full paths... no luck
               um.save(user);
               System.out.println(user.getHomeDirectory());


               factory.setUserManager(um);
               System.out.println( Arrays.toString(um.getAllUserNames())   );


               server.start();

 The directory exists and has some other files and directories in
 there. I thought that by logging in with a client (I'm using FileZill
 and FireFTP) I'd land in the home directory I specified in
 baseUser.setHomeDirectory().

 I've tried passing relative and full paths to setHomeDirectory, each
 with the same result.

 Can anyone tell me the very simple thing I'm missing?  Again, this is
 simply for a unit test, so I'm looking for the absolute minimum amount
 of effort to get an ftp server running for a few seconds with a single
 user to log in, CWD, and read some file attributes, and that's about
 it.

 Thanks so much!

 Marc

Re: Netstat and LAST_ACK hanging

[David Latorre]

Hello Dan,

Can you describe your environment? Version, configuration, SSL or not...
We had some problems with hanging connections but those were solved
before 1.0.4 (probably they are solved in all the 1.0.x
distributions).



2010/5/10 Dan d...@tipjarawards.com:
 Our server is running but over time it hanged and the netstat gave this kind
 of output (endless connections waiting for LAST_ACK). Are we missing
 something to clean up these connections if the client leaves them hanging?
 Is there a timout we can use?

 Thanks,

 Dan

 Here is the output from netstat -taupe | sort

 ...
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:16093
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:16225
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:16328
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:16380
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:16513
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:16778
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:16906
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:16924
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:16981
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:17091
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:17097
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:17218
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:17273
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:17742
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:17821
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:17825
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:17872
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:18188
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:18393
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:18417
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:18465
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:18517
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:18894
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:18958
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:18978
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:19110
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:19128
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:19237
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:19460
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:19654
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:19789
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:19905
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:19975
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:20023
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:20091
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:20484
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:20498
 LAST_ACK    root       0          -
 tcp        1      1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:20503
 LAST_ACK    root       0          -
 ...

Re: FTPServer 1.0.4: suspect race condition during requestPassivePort() hanging FTP(S) server with one passive data connection port

[David Latorre]

2010/3/26 Sai Pullabhotla sai.pullabho...@jmethods.com:
 David,

 I just re-read your comments towards the end of your previous email:

 I wonder if we are suffering a similar problem in any other cases; if
 it was so, we might need to delay the opening of the ServerSocket
 until the LIST (or GET or PUT...) commands are executed

 Do you think creating/binding a new ServerSocket could potentially
 take a long time? Is that your concern?

Not really, my concern here was that we could have some concurrency
issue,  but this shouldn't be a problem anymore with the wait() calls
removed.



 Regards,
 Sai Pullabhotla





 On Fri, Mar 26, 2010 at 7:11 AM, David Latorre dvl...@gmail.com wrote:
 2010/3/26 Niklas Gustavsson nik...@protocol7.com:
 On Fri, Mar 26, 2010 at 9:50 AM, Fred Moore fred.moor...@gmail.com wrote:
 1\ Priority of passive port sharing ehnancement: Niklas survey shows that 
 we
 are indeed in good company here, but it's problably worth having a better
 look at this anyway, there might be good technical reasons that led all the
 other teams not to support this or it may turn up that it's simply 
 because
 it's somewhat hard to develop and test.

 After this discussion I'm significantly less thrilled at implementing
 shared passive ports :-)

 Shared passive ports would be a nice feature if they aren't too hard
 to implement. Among the opensource servers, I think coloradoFTP -a
 NIO-based java FTPServer under the LGPL license- offered this (since
 their data connections also use async sockets this shouldn't be too
 hard for them, but I don't know if they solved the use case depicted
 by Sai: when there are several sessions open from the same IP)  but it
 seems that commercial solutions offer this and more...



 2\ Quick fix for 1.0.x codebase: pushing a 40x to the client  when no
 passive port is available (or probably better: no passive port is available
 within X seconds) it's probably something we need to do anyway.

 Thinking some more about this, I'm personally now convinced that
 should simple return an error (not waiting). I'm not sure what the
 best reply code should be, but 425 Can't open data connection seems
 fitting although not specified as valid return from the PASV command.

 3\ Suspect race condition: the problem description for the originally
 reported http://issues.apache.org/jira/browse/FTPSERVER-359 (see also repro
 code attached to the jira) actually hints also to something different as
 well, in fact we state that a few (say 20) parallel threads issuing LISTs 
 in
 passive mode are able to lock-up the server forever. Questions:

 3.1\ Is this interely explained by this thread discussion? (I don't think
 so: the server should *always* be able to recover)

 Agreed, the server should always recover from a situation like this.
 After looking into how to fix item 2, we need to rerun your tests and
 make sure we always survive.

 Thinking about this issue my understanding of the problem is as follows:

 1. We have a number of connections to FTPServer   the Executor
 threadpool max  size (I think it is 16) sending  the PASV command.

 2. The first one of them requests the only available port and gets it.
 Now the port is in use by a server socket and any subsequent call to
 requestPassivePort will end up invoking wait().

 3. The thread that processed this PASV command is now available and a
 new PASV request is assigned to it.

 4. Now all threads are trying to request a passive port, but since
 there are no ports available  all the threads in the OrderedThreadPool
 get blocked by the wait() method.

 I wonder if we are suffering a similar problem in any other cases; if
 it was so, we might need to delay the opening of the ServerSocket
 until the LIST (or GET or PUT...) commands are executed.

 I hope I made myself clear and that my understanding was right.


 3.2\ Would this be fixed by a quick fix as per 2\? (likely, but it's sort 
 of
 like using nukes to for mowing the lawn)

 I really have no idea, but I think we should fix 2 first and then make
 sure we handle your test case.

 In short my current position can be stated as follows: I think that
 FTPSERVER-359 has a different root cause from what we discussed, the 
 problem
  impact is not completely known at the moment but it appears to *severely*
 affect the server availabily... having just one port is an easy way of
 reproducing it (but not the cause of it).

 Agreed.

 /niklas

Re: FTP transport alternatives for faster throughput

[David Latorre]

2010/3/26 DevNull43 dev.null...@gmail.com:
 I've been wondering so many times about FTP alternatives for faster
 transfers.

 I've seen commercial companies with nice experimental protocols boosting
 throughput efficiency ( but haven't had the chance to test myselves).

 http://www.dataexpedition.com/
 http://www.filecatalyst.com/
 http://www.asperasoft.com/en/technology/fasp_overview_1/fasp_technology_overview_1
 http://www.rocketstream.com/home/default.aspx

 The performance is so promising that I wonder how is possible it's not
 widely used.

 My only guess is they are not standards, not OpenSource, and are
 copyrighted.

 I wonder how FTP protocol has not been enhanced in such a way in the
 standard.

 Do you know of any OpenSource transfer protocol similar to the comercial
 ones I posted?

 Shouldn't Apache MINA or FtpServer be the right place for such a
 development?

 What do you think on those transfer protocols?

I'm not familiar with  these protocols, but I would say that some of
their claims are hard to believe... some of them they are 100x faster
than FTP while aspera claims that their fasp solution is 1000x faster!

Although I do believe that you can increase speed by using UDP instead
of TCP and an optimized mechanism for reception  acknowledgment,
packet retransmision and such, I would like to know what the real
figures are.  Have you checked any of these?




 Thanks!

Re: FTPServer 1.0.4: suspect race condition during requestPassivePort() hanging FTP(S) server with one passive data connection port

[David Latorre]

2010/3/24 Niklas Gustavsson nik...@protocol7.com:
 On Wed, Mar 24, 2010 at 6:03 PM, Fred Moore fred.moor...@gmail.com wrote:
 we found an issue related to requestPassivePort() which may lead to an
 unresponsive V1.0.4 FTP (or FTP/S) Server, this issue can be reproduced.

 http://issues.apache.org/jira/browse/FTPSERVER-359 contains full description
 of the symptoms and a minimalist java client and server to reproduce it.

 I haven't yet looked closer at the code you attached. But, I have seen
 similar behavior myself during performance testing FtpServer. In that
 case, I had a very similar behavior at around 20 threads. However, the
 reason for the problem in that test was that the test case uses up
 file handles (for the sockets) so fast that they will run out. Since
 sockets hang around for some time also after closing, they were not
 freed quickly enough and thus FtpServer could not open new ones. Could
 you please verify that this is not the case here? You could look at
 netstat output and look into increasing the allowed number of file
 handles our the timeout time for sockets in your OS.


Actually it is quite easy to reproduce this error (I just wrote a
client test case with throws 20~30 threads that list a directory in
the server ) and it's not file handle related:
  we have several bugs in our code that cause this behaviour ,  i
think we hould rewrite all the request/release passive port mechanism
as there are several issues with it.







 /niklas

Re: Detecting interrupted upload

[David Latorre]

You should check the reply code as Niklas suggested but, besides this,
we usually suggest that the client rename the file after successfully
uploading it - ideally it would also check the MD5 sum of the
transferred file prior to this name change.




2010/3/18 Niklas Gustavsson nik...@protocol7.com:
 On Thu, Mar 18, 2010 at 8:04 PM, Sébastien Roy s...@okiok.com wrote:
 Recently, for the first time, I end up not being able to accomplish 
 something. I was looking for a way to detect FTP uploads that would not 
 complete normally (client close connection, network interruption, etc ...). 
 My conclusion is that there is no way to detect if a transfer has completed 
 normally or if the transfer has been interrupted. Did anyone has any ideas 
 how it would be possible to be notified if such interruption occurs?

 From Ftplet.afterCommand, you should be able to look at the reply. For
 those failed transfers that FtpServer can detect (that causes an
 SocketException or IOException) this should be something like 426 or
 551.

 /niklas

Re: LIST from database

[David Latorre]

2010/3/19 Kenneth Vanvik Hansen kvhan...@online.no:
 I've got a custom ( looks very much like the native one atm) filesystem
 implemented. Now I am wondering how to make the server use it. Figure I have
 to call setFileSystem() in FileSystemFactory somehow. Help? :)


You should create your own FileSystemFactory  and set it in the
DefaultFtpServerContext like this:
 context.setFileSystemManager(filesystemFactory);



 -Original Message-
 From: Kenneth Vanvik Hansen [mailto:kvhan...@online.no]
 Sent: 18. mars 2010 16:38
 To: ftpserver-users@mina.apache.org
 Subject: RE: LIST from database

 Nice one. No rush :-) Would be nice with a heads up when/if you get it done.

 -Original Message-
 From: Niklas Gustavsson [mailto:nik...@protocol7.com]
 Sent: 18. mars 2010 16:14
 To: ftpserver-users@mina.apache.org
 Subject: Re: LIST from database

 On Thu, Mar 18, 2010 at 4:02 PM, Kenneth Vanvik Hansen kvhan...@online.no
 wrote:
 Would be really nice. Have searched for info on it but can't say I've
 found any. I'm not sure how I'm supposed to start doing this so I
 might just go ahead with replacing the LIST command like my first idea
 was.

 I will have a go at writing such an example implementation, but don't hold
 your breath, it might take a few days or so.

 /niklas

Re: Avoid onuploadend being called after connection lost

[David Latorre]

What version of FTPServer are you using?  'FtpReply' should be the
last parameter in the afterCommand() method for an FTPLet.


2010/3/1 Vinicius Carvalho vinicius.carva...@sambatech.com.br:
 Hello David. I found that this variable is present on IOFTPSession, but I
 can not access it. How can I get its value?

 Regards

 On Mon, Mar 1, 2010 at 7:08 AM, David Latorre dvl...@gmail.com wrote:

 Hello Vinicius,

 You have to explicitly check the reply variable in your
 onUploadEnd()/afterCommand() method. This variable  should contain the
 last reply of the 'upload'(STOR, STOU...) command which, I guess, will
 be = 400 in case of any IO error.




 2010/2/25 Vinicius Carvalho vinicius.carva...@sambatech.com.br:
  Hello there! We are facing some problems with our server. If the remote
  client process dies, the onuploadend method is invoked, and the
 transfered
  file is not complete. Is it possible to avoid this? Shouldn't a sudden
  disconnection be treated as error?
 
  Regards
 

Re: Avoid onuploadend being called after connection lost

[David Latorre]

Hello Vinicius,

You have to explicitly check the reply variable in your
onUploadEnd()/afterCommand() method. This variable  should contain the
last reply of the 'upload'(STOR, STOU...) command which, I guess, will
be = 400 in case of any IO error.




2010/2/25 Vinicius Carvalho vinicius.carva...@sambatech.com.br:
 Hello there! We are facing some problems with our server. If the remote
 client process dies, the onuploadend method is invoked, and the transfered
 file is not complete. Is it possible to avoid this? Shouldn't a sudden
 disconnection be treated as error?

 Regards

Re: Upgrading from old ftpserver jar raises MINA library questions.

[David Latorre]

You can  use  both MINA  MINA 2 based applications if you're
deploying the apps on an Application Server as Ashish suggested.
Another option that might work for you would be using an OSGI
environment ( mmh anyone, is that right? ) or use your own custom
classloaders.
Still, if it is a single app where you both use a FTPServer and your
own MINA 1.0 code  it would probably much easier to migrate MINA 2 if
possible.



2010/1/21 Ashish paliwalash...@gmail.com:
 AFAIK, you can't, unless you get into creating Classloader and stuff
 that are present in App Servers.

 Upgrading to new MINA version shouldn't take much time, though you are
 the best person to estimate the testing effort and other stuff.

 thanks
 ashish

 On Wed, Jan 20, 2010 at 8:32 PM, Kieran M k13...@googlemail.com wrote:
 Hello !
 1) I have inherited a java application with a jar ftpserver.jar - see
 Note 1 below. I want to check what version of ftp server I have  - am
 guessing by the 2005 date it's old :-)
 How can I tell from the jar what version I have ?

 2) I would like to upgrade the ftpserver jar as we have see some FTP
 weirdness, but
 I see that ftpserver-1.0.3.zip is available at
 http://cwiki.apache.org/FTPSERVER/downloads.html and it i.e. version
 1.0.3 has a requirement for mina-core-2.0.0-M6.jar however I am using
 MINA ver 1.0 in my application for something else and upgrading the
 other MINA usage at this time is a bit risky (its non-trivial change)

 Any advice here e.g. is is possible to run the new ftpserver-1.0.3
 with mina-core-2.0.0-M6 in parallel with MINA ver 1.0 in same process?

 Thanks!
 K137an.

 [Note 1]
 jar tvf ftpserver.jar
  0 Wed Sep 14 11:50:14 IST 2005 META-INF/
    106 Wed Sep 14 11:50:12 IST 2005 META-INF/MANIFEST.MF
  0 Wed Sep 14 11:47:52 IST 2005 org/
  0 Wed Sep 14 11:47:52 IST 2005 org/apache/
  0 Wed Sep 14 11:47:54 IST 2005 org/apache/ftpserver/
  0 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/
  0 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/config/
  0 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/filesystem/
  0 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/ftplet/
  0 Wed Sep 14 11:47:54 IST 2005 org/apache/ftpserver/gui/
  0 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/interfaces/
  0 Wed Sep 14 11:47:54 IST 2005 org/apache/ftpserver/iprestrictor/
  0 Wed Sep 14 11:47:54 IST 2005 org/apache/ftpserver/logger/
  0 Wed Sep 14 11:47:54 IST 2005 org/apache/ftpserver/message/
  0 Wed Sep 14 11:47:54 IST 2005 org/apache/ftpserver/socketfactory/
  0 Wed Sep 14 11:47:54 IST 2005 org/apache/ftpserver/ssl/
  0 Wed Sep 14 11:47:54 IST 2005 org/apache/ftpserver/usermanager/
  0 Wed Sep 14 11:47:54 IST 2005 org/apache/ftpserver/util/
    342 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/Command.class
    672 Wed Sep 14 11:47:52 IST 2005
 org/apache/ftpserver/ConnectionManagerImpl$1.class
   6308 Wed Sep 14 11:47:52 IST 2005
 org/apache/ftpserver/ConnectionManagerImpl.class
   3990 Wed Sep 14 11:47:52 IST 2005
 org/apache/ftpserver/DataConnectionConfig.class
   7558 Wed Sep 14 11:47:52 IST 2005
 org/apache/ftpserver/DirectoryLister.class
   7906 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/FtpConfigImpl.class
   4134 Wed Sep 14 11:47:52 IST 2005
 org/apache/ftpserver/FtpDataConnection.class
   7094 Wed Sep 14 11:47:52 IST 2005
 org/apache/ftpserver/FtpRequestImpl.class
    789 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/FtpServer$1.class
   5848 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/FtpServer.class
   7180 Wed Sep 14 11:47:52 IST 2005
 org/apache/ftpserver/FtpStatisticsImpl.class
  10744 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/FtpWriter.class
    776 Wed Sep 14 11:47:52 IST 2005
 org/apache/ftpserver/FtpletContainer$FtpletEntry.class
   9682 Wed Sep 14 11:47:52 IST 2005
 org/apache/ftpserver/FtpletContainer.class
  13966 Wed Sep 14 11:47:52 IST 2005
 org/apache/ftpserver/RequestHandler.class
   1082 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/ABOR.class
    921 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/ACCT.class
   5469 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/APPE.class
   2171 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/AUTH.class
   1617 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/CDUP.class
   1695 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/CWD.class
   3697 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/DELE.class
   2958 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/EPRT.class
   1514 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/EPSV.class
    969 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/FEAT.class
   1116 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/HELP.class
    897 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/LANG.class
   2382 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/LIST.class
   

Re: ssl connection problem

[David Latorre]

Hello Tirtza,

According to FileZilla log you're trying to connect via SFTP protocol,
which is a protocol for file transfer over SSH different from FTP.

So, you should chose FTPS (FTP OVER TLS/SSL IMPLICIT)  in the server
type combo  or even FTPES if you keep implicit-ssl to false.

Let us know if you should have any other problems,

David


2009/12/10 Tirtza Bernstein tirt...@simply-y.com:
 Hi,

 I am trying to configure the ftpserver to use ssl.  When I set implicit-ssl
 to be false it works (through filezilla and port 21) however if I switch
 implicit-ssl to be true I can't connect.



 Status:                      Connecting to 1.2.3.4...

 Response:               fzSftp started

 Command:               open ad...@1.2.3.4 22

 Error:                        Connection timed out

 Error:      Could not connect to server



 nio-listener name=default port=22 implicit-ssl=false
 idle-timeout=600 

                  ssl protocol =SSL

                        keystore file=./res/myftp.jks
 password=mypassword /

                  /ssl

 /nio-listener



 What am I doing wrong?



 Thanks

Re: How to configure Apache FtpServer?

[David Latorre]

You might want to have a look at our examples (if you are using  OSGI
or a web application) or tests. Actually, in order to use Spring
configuration , it would be useful if you knew a little bit about
Spring :-) I haven't studied Spring framework at all so yes, at first,
it might be a little hard to figure this out.

In Spring you have several classes you can use for this:
In PropertyPlaceHolderTest:

FileSystemXmlApplicationContext ctx = new
FileSystemXmlApplicationContext(

src/test/resources/spring-config/config-property-placeholder.xml);

DefaultFtpServer server = (DefaultFtpServer) ctx.getBean(server);


Instead of FileSystemApplicationContext, you could use
ClassPathXmlApplication so the spring config file can be loaded from
your classpath.


In SpringConfigTest:

XmlBeanFactory factory = new XmlBeanFactory(new FileSystemResource(
src/test/resources/spring-config/config-spring-1.xml));

You can also use a ClassPathResource or any other Spring-provided Resource type.






2009/11/28 Peter Cai newpt...@gmail.com:
 I found this very simple description on Apache FtpServer's document:

 Integration with Spring Framework

 Apache FtpServer uses Spring Framework to implement the configuration. That
 also means that we get the added benefit of full integration with regular
 Spring XML configuration. For example, you can embed the server element
 where ever you like within you Spring configuration, and with FtpServer on
 the classpath, Spring will wire up the server for you.

 Nothing else about:

   1. Where should I put this configure file?
   2. What should the file name be?
   3. How could the application find that file?

 Do I have study Sprint's Configure Framework to know all about it?


 --
 look to the things around you,the immediate world around you, if you are
 alive,it will mean something to you ——Paul Strand

Re: Problem embedding in Glassfish

[David Latorre]

I'm glad, your problem was solved (should we maybe add this somewhere
in the wiki?) and as Niklas said, It would be cool that you shared
your db-based file manager :-)

Cheers,

David



2009/11/12 Brett Bergquist br...@thebergquistfamily.com:
 Yes, I am under the gun to use them for a Friday demo but I will clean them
 up and make sure they are generic and contribute the back.  Right now I am
 limiting the capability to predefined directories to FTP into but it will
 be relatively easily to add full functionality.

 Niklas Gustavsson wrote:

 On Thu, Nov 12, 2009 at 1:18 AM, Brett Bergquist
 br...@thebergquistfamily.com wrote:


 Anyways, I'm now writing n FileSystemFactory, FileSystemView, and FtpFile
 classes that provide a file system in a database using blobs, etc.   I
 actually got it working today to retrieve files stored in our database.
  Now to the storing side working.


 Cool, if this is something you would like to share, I would be happy
 to have a look at the classes for inclusion in the main project. Of
 course, given that they are generic.



 This is pretty sweet.  The architecture of this is very nice, very
 plugable.
 I really like it!


 That's good to hear :-)

 /niklas

Re: Problem embedding in Glassfish

[David Latorre]

2009/11/16 Niklas Gustavsson nik...@protocol7.com:
 On Mon, Nov 16, 2009 at 11:40 AM, David Latorre dvl...@gmail.com wrote:
 I'm glad, your problem was solved (should we maybe add this somewhere
 in the wiki?)

 Sounds good. Feel free to add it to the FAQ :-)

 http://mina.apache.org/ftpserver/faq.html


Unfortunately I don't have access to cwiki ( I mean, I do have an
account - dlatorre - but I cannot edit the pages). I think I commented
on this before but never requested to be added to the appropriate
groups before, I guess this is a good moment :-)

Re: Problem embedding in Glassfish

[David Latorre]

Hello Brett,

Try to uncomment this line in domain.xml:

com.sun.enterprise.server.ss.ASQuickStartup=false

It seems that there's some odd problem relating to NIO  when
QuickStartup is enabled. I had this problem myself but only in some
glassfish versions under Vista, i wonder why's that... If you still
can't make it work you might want to deploy our some war file
ftpserver and see if it works.




2009/11/11 Brett M. Bergquist br...@thebergquistfamily.com:
 It seems to be something with my Vista machine.  Here at work running XP, I
 have no problems :(  Now to find out what in the heck it is.  Since I see no
 debug output when connecting, it must still be some issue with security or
 firewall on the Vista machine.  Funny thing is that I can start the
 standalone ftpd.exe and that runs.

 Zhu, Yan-Bo (TSG-GDCC-CD) wrote:

 Make sure you are not in debug mode and your application is breaking at a
 breakpoint.


 I am trying to embed the server in Glassfish.  I am doing so by creating
 a Glassfish LifecycleListener and I start the server up when I receive
 the ready event.  This seems to be working but I cannot connect to the
 server.  I try and basically the connect just hangs.  I am running this
 on Window's Vista and I have turned off the firewall.

 Netstat -a reports:


    Active Connections

      Proto  Local Address          Foreign Address        State
      TCP    0.0.0.0:21             brett-home:0
 LISTENING


 So it seems like the server is up and running.  I also made sure that I
 did not have anything running on port 21 to begin with.

  My Glassfish log looks like:

    WEB0712: Starting Sun-Java-System/Application-Server HTTP/1.1 on 8181
    WEB0712: Starting Sun-Java-System/Application-Server HTTP/1.1 on 4848
    SMGT0007: Self Management Rules service is enabled
    [ INFO] 2009-11-10 21:05:32,534 [] [] FTP server started
    onReady called
    Application server startup complete.

 So from that it looks like I the server started up correctly.  But I
 cannot connect to the server:

    C:\Users\brettftp localhost
    Connected to brett-home.

 This just hangs.  I don't see anything in the Glassfish log either when
 I do this.  It's as if it never reaches the code.

Re: Running FtpServer in plain FTP mode only or Explicit FTP mode only

[David Latorre]

Hello Matt,

 You can use a custom FTPLet for this. If you search the mailing list
you will find this question asked several times ...
For FTPES only:
   In your custom FTPLet you can hook onLoginStart - this is the
beforeCommand when the command is USER- to make sure that channel is
secured with (session.isSecure() )

For FTP only: never done this but you can hook beforeCommand of AUTH
and forbid the attempt for authentication.


In your FTPLet you would define some variable to specify if  you want
FTPES only, FTP only or normal mode.  This variable can be populated
from the Spring configuration file ... and that's all , I think.


2009/10/20 Matt Schulze matthew.schu...@onlinebankingsolutions.com:
 Hello,

 I would like to be able to set up an embedded FTP server in my Spring
 application, but restrict it to either Explicit FTP mode only (Accept no
 commands except AUTH/USER/PASS/PBSZ until the connection is secured) or
 normal FTP mode only (ignore any 'AUTH' commands). If no mode is
 restricted, the server should exhibit normal behavior.

 The current implementation of this behavior has some small changes to
 the FtpServer source to increase the visibility of some variables and
 methods and hooking into CommandFactory and CommandFactoryFactory. Is
 there a way to implement this behavior without modifying the current
 FtpServer source?

 - Matt
 --
 Matthew Schulze

Re: implement a ftplet to limit the size of upload files

[David Latorre]

I think your code is OK  except for  a  problem:
 - Restarting a failed transfer would mean that the user can safely
ignore your limit. To solve this, you could take into account the
skipLen value in order to prevent users from circumventing your
limits.


  The pieces of code you didn't understand:
  -- First block:  // 24-10-2007 - added check if PORT or
PASV is issued, see
//// https://issues.apache.org/jira/browse/FTPSERVER-110

This block checks if a PORT or PASV command was issued previously. In
FTP, you must send a PORT or PASV command before any command that
sends data (stor, retr, mlsd etc.).

 -- awaitUninterruptibly : it makes sure the 150 150_FILE_STATUS_OKAY
command is sent before proceeding.
 --ServerFtpStatistics: this component keeps statistics of the
FTPServer usage. If you don't know it, you probably don't need it.
Still, I think your code doesn't break it in any way.



 2009/10/21 Zhu, Yan-Bo (TSG-GDCC-CD) yanbo@hp.com:
 I'v figured out a implementation by copy the sourcecode in STOR.java to my 
 Ftplet's onUpload method.
 The following the sourcecode ,pls notice the // at the start of some lines ,
 Some changes are needed:
 1, LocalizedFtpReply.translate()method is not usable in ftplet,
 2, create a new FilterOutputStream object and pass it to transferFromClient 
 to limit the size .
 When I test from a ftp client ,it seems like that the result is what I want .
 But I'm not sure there is no bug because I'm not fully understand the code I 
 commented by //.

 Could someone give me some suggestions?
 Thanks.
 
                 try {

            // get state variable
            long skipLen = session.getFileOffset();

            // argument check
            String fileName = request.getArgument();
            if (fileName == null) {
                session
                        .write(new DefaultFtpReply(
                                        
 FtpReply.REPLY_501_SYNTAX_ERROR_IN_PARAMETERS_OR_ARGUMENTS,
                                        STOR 
 REPLY_501_SYNTAX_ERROR_IN_PARAMETERS_OR_ARGUMENTS));
                return  FtpletResult.SKIP;
            }

 //            // 24-10-2007 - added check if PORT or PASV is issued, see
 //            // https://issues.apache.org/jira/browse/FTPSERVER-110
 //            DataConnectionFactory connFactory = session.getDataConnection();
 //            if (connFactory instanceof IODataConnectionFactory) {
 //                InetAddress address = ((IODataConnectionFactory) 
 connFactory)
 //                        .getInetAddress();
 //                if (address == null) {
 //                    session.write(new DefaultFtpReply(
 //                            FtpReply.REPLY_503_BAD_SEQUENCE_OF_COMMANDS,
 //                            PORT or PASV must be issued first));
 //                    return;
 //                }
 //            }

            // get filename
            FtpFile file = null;
            try {
                file = session.getFileSystemView().getFile(fileName);
            } catch (Exception ex) {
                System.out.println(Exception getting file object+ ex);
            }
            if (file == null) {
                session.write(new DefaultFtpReply(
                        FtpReply.REPLY_550_REQUESTED_ACTION_NOT_TAKEN,
                        STOR.REPLY_550_REQUESTED_ACTION_NOT_TAKEN));
                return FtpletResult.SKIP;
            }
            fileName = file.getAbsolutePath();

            // get permission
            if (!file.isWritable()) {
                session.write(new DefaultFtpReply(
                        FtpReply.REPLY_550_REQUESTED_ACTION_NOT_TAKEN,
                        STOR.REPLY_550_REQUESTED_ACTION_NOT_TAKEN));
                return FtpletResult.SKIP;
            }

            // get data connection
            session.write(
                   new DefaultFtpReply(
                            FtpReply.REPLY_150_FILE_STATUS_OKAY, 
 STOR.REPLY_150_FILE_STATUS_OKAY))
 //               .awaitUninterruptibly(1)
                                ;

            DataConnection dataConnection;
            try {
                dataConnection = session.getDataConnection().openConnection();
            } catch (Exception e) {
                session.write(new DefaultFtpReply(
                        FtpReply.REPLY_425_CANT_OPEN_DATA_CONNECTION, 
 STOR.REPLY_425_CANT_OPEN_DATA_CONNECTION
                        ));
                return FtpletResult.SKIP;
            }

            // transfer data
            boolean failure = false;
            OutputStream outStream = null;
            try {
                outStream = file.createOutputStream(skipLen);
                                final int writelimit = 2048;
                long transSz = dataConnection.transferFromClient(
                                        session, new FilterOutputStream( 
 outStream){
                                        private  int 

Re: How to limit file upload and download to a set of directories.

[David Latorre]

I'm sure there are other solutions but this one works  for us :

  You should create a custom FTPLet that intercepts the calls to
STOR, STOU, APPE (the commands that signal a file upload) before
they are issued. This is done implementing the beforeCommand() method
of the FTPLet interface.

In this beforeUpload() method you would check that the  path to the
file-to-be-created matches the
/projects/project/media/upload/filename pattern and otherwise
throw an error.

Something like this:

public FtpletResult beforeCommand(FtpSession session, FtpRequest request)
throws FtpException, IOException {
String command = request.getCommand().toUpperCase();
if (STOR.equals(command) || STOU.equals(command) ||
APPE.equals(command) ){

   FileSystemView fsview = session.getFileSystemView();
FtpFile fObject =  fsview.getFile(request.getArgument());
String absolutePath = fObject.getAbsolutePath();


 if (!canUpload(absolutePath) ) {
DefaultFtpReply ftpReply = new
DefaultFtpReply(FtpReply.REPLY_550_REQUESTED_ACTION_NOT_TAKEN,
Permission denied. The incoming directory is upload/);
session.write(ftpReply);
return FtpletResult.SKIP;
  }
}
return FtpletResult.DEFAULT;
}

Please note that I just wrote the code and I haven't compiled it.

The canUpload method would check if the path is valid.  If you needed
the Absolute Path relative to the real file system and not FTPServer
file system view, you can get the underlying File object with
NativeFtpFile.




2009/10/21 John Wilkinson john_wilkin...@xyratex.com:
 Hi David,

 Yes, I think I would use FTPServer, as this would fit into my java web
 service.

 The file system would look like this:

 /projects/ProjName/MediaName/upload

 There would be many projName and MediaName directories. The upload dir
 would be a temp dir, created by the web service, created just so a user
 can upload a file. Once uploaded, the web service would take over, check
 the file MD5, and if OK, move it to the correct location, and delete the
 upload dir.

 So the FTP server just needs to limit uploads to /projects/*/*/upload, I
 guess, at least as a first stab.

 How do I make an FTPLet to do that? Me being very green on all this.

 Does this make any sense, or is there a better way?

 Many regards,
 John.



 -Original Message-
 From: David Latorre [mailto:dvl...@gmail.com]
 Sent: 21 October 2009 10:56
 To: ftpserver-users@mina.apache.org
 Subject: Re: How to limit file upload and download to a set of
 directories.

 Hello John,

 Do you mean with Apache FTPServer? How would relate this upload
 directory to the user home root?  Do you need to still have access to
 several other directories in the same tree?

 You could use a custom FTPLet for this (or even a filesystem
 implementation) but you'll have to figure out how to 'inform the
 FTPLet' of what the allowed directory is.


 2009/10/21 John Wilkinson john_wilkin...@xyratex.com:
 Hi,

 In my web service I want the user to only be able to upload files to
 an
 upload directory, which is created on the fly in response to an upload
 request from the client.

 On receiving the upload request the web service makes a new directory
 called upload, and sends the URI back to the client. The client then
 is
 able to use this URI to upload files to that directory only.

 I need to be able to limit this access to only this directory. How do
 I
 do that?





 Many regards,

 John.






 __
 This email may contain privileged or confidential information, which
 should only be used for the purpose for which it was sent by Xyratex. No
 further rights or licenses are granted to use such information. If you
 are not the intended recipient of this message, please notify the sender
 by return and delete it. You may not use, copy, disclose or rely on the
 information contained in it.

 Internet email is susceptible to data corruption, interception and
 unauthorised amendment for which Xyratex does not accept liability.
 While we have taken reasonable precautions to ensure that this email is
 free of viruses, Xyratex does not accept liability for the presence of
 any computer viruses in this email, nor for any losses caused as a
 result of viruses.

 Xyratex Technology Limited (03134912), Registered in England  Wales,
 Registered Office, Langstone Road, Havant, Hampshire, PO9 1SA.

 The Xyratex group of companies also includes, Xyratex Ltd, registered
 in Bermuda, Xyratex International Inc, registered in California, Xyratex
 (Malaysia) Sdn Bhd registered in Malaysia, Xyratex Technology (Wuxi) Co
 Ltd registered in The People's Republic of China and Xyratex Japan
 Limited registered in Japan.
 __

 __
 This email may contain privileged or confidential information

Re: IODataConnection.getDataInputStream()

[David Latorre]

2009/10/13 Niklas Gustavsson nik...@protocol7.com:
 On Tue, Oct 13, 2009 at 6:21 AM, Charles Karow char...@karow.com wrote:
 I am using ftpserver to provide a standard way for people to upload files to
 a bucket on Amazon's S3 service. My users will always be uploading files
 in binary mode. I am using code from Amazon that takes an InputStream and
 uses it to stream the data to Amazon's servers. Amazon's code does not
 expose an OutputStream.

 transferFromClient takes an OutputStream and I do not have access to an
 OutputStream.

 Sounds like this could be solved by an adapter stream which gets
 written to by DataConnection and is read by S3. Or I might be missing
 something?

 This is I what I first thought but I think this might imply  several
risks in terms of performance, or the need to store the whole
transferred file locally (be it in memory or disk). This is of course,
if he cannot use PipedStreams.

I may not be thinking correctly now but for a solution:

-  If you are using different threads for the FTP transfer and the
transfer to Amazon I guess you could use PipedStreams with our current
code (I haven't looked at it actually).

 - Otherwise, maybe someone on this list can tell us what their
approach is. I think some of them are using S3.

If no one comes up with a solution for this, i don't think we should
dismiss the possibility of exposing the input stream,  what do you
think niklas?

Re: FtpServer hitting its limit?

[David Latorre]

I see Niklas and Sai are already helping you out but just in case ...
Which version of Apache Ftpserver are you using? We had some issues
with passive data transfers ( related to SSL connections). Are you
using plain or SSL connections?


As Niklas said, netstat -an report would be of much help. You can of
course mask the ip-addresses if   you want to keep private
information private :-) Still, if you saw something like thousands of
connections in fin_wait2 status  - it is clear that there's a problem
somewhere ( In this case, I think you just need to upgrade to latest
version).
Depending on your FtpServer version, upgrading the Sun jvm to 1.6.12+
version  couldalso  be a solution for you.





2009/10/8  a...@safe-mail.net:
 Hi.

 I have an issue with apache FtpServer.
 It's set to use passive mode, and it looks like all of the ports are being 
 used, which stops any new connections from being connected and the whole ftp 
 server just hangs. If you try to connect it just reaches time out.

 Here what I get after this happens, in the log:

 [ INFO] 2009-10-08 09:04:44,347 [] [65.75.250.58] CREATED
 [ INFO] 2009-10-08 09:04:44,753 [] [64.90.174.226] CREATED
 [ INFO] 2009-10-08 09:04:45,284 [] [72.89.239.125] CREATED
 [ INFO] 2009-10-08 09:04:45,909 [] [195.14.162.97] CREATED
 [ INFO] 2009-10-08 09:04:47,018 [] [85.225.141.116] CREATED
 [ INFO] 2009-10-08 09:04:47,909 [] [38.99.250.2] CREATED
 [ INFO] 2009-10-08 09:04:48,268 [] [114.111.139.57] CREATED
 [ INFO] 2009-10-08 09:04:48,972 [] [80.34.69.143] CREATED
 [ INFO] 2009-10-08 09:04:49,456 [] [111.67.83.18] CREATED
 [ INFO] 2009-10-08 09:04:49,472 [] [202.150.209.90] CREATED
 [ INFO] 2009-10-08 09:04:49,472 [] [118.243.143.178] CREATED
 [ INFO] 2009-10-08 09:04:49,550 [] [81.247.77.182] CREATED
 [ INFO] 2009-10-08 09:04:49,768 [] [220.236.247.154] CREATED
 [ INFO] 2009-10-08 09:04:50,347 [] [79.172.211.17] CREATED
 [ INFO] 2009-10-08 09:04:50,550 [] [174.133.32.49] CREATED
 [ INFO] 2009-10-08 09:04:50,565 [] [81.247.77.182] CREATED
 [ INFO] 2009-10-08 09:04:51,612 [] [75.127.87.129] CREATED

 And it's just keeps going on like that.

 I have about 1000 connections every 5 minutes which creates about 35gb of 
 daily incoming traffic, so I think I'm hitting the limit of the apache 
 FtpServer. How can I avoid it? Is there a workaround?

 Also, since only one connection is allowed per port, is there a way to 
 virtually increase the number of ports to allow more simultaneous connections?

 Thanks.

Re: Failed to open passive data connection

[David Latorre]

This is strange .

Our codebase has changed a lot since incubator and actually I'm not
familiar with your version, but i'd say that support for port-reuse in
passive mode was just recently added. Are you sure that your stress
tests do actually use passive mode rather than active?

I think Niklas has fixed several issues with passive connections, so
he might be able to give you a diagnosis ... Otherwise I would ask
for:
 - A log file in DEBUG mode ( Basically I'd like to see the ports and
ips being used)
 - The configuration you're using ( port-range etc.)
 - I wonder if you keep the source code of the version you're using ,
or at least, can give us a specific version so we can try to get the
sources.

If i had to make a wild guess, taking into account you're using   100
servers! (I guess several of them are linux servers, right? not only
the one which is failing ...)  I'd suggest that you ran out of
available socket descriptors or that the port FtpServer is trying to
use for the data transfer is already in use.

Anyway, there should be something going on there as there are quite a
few connections in CLOSE_WAIT  mode- i guess they aren't being closed
properly.




2009/6/9 Gérard Frédéric frederic.ger...@atosorigin.com:
 Thanks Sai

 Arrrh I don't think it's the reason
 Stress benths have been done on several Os with this configuration, with many 
 concurrent transfers, and there were no any problem
 Here we test only from on client, without concurrent transfers (so just one 
 passive port is used once)
 More precisely, the server hangs after 2 issues, and a lsof shows none 
 passive ports are in use
 We use ftpserver in more than 100 servers, we observe this only on a lfs 
 32bit linux server, jre5u9 (no ssl issue about it)
 Do you think it could an unstable behavior of a firewall ?
 Maybe these logs and lsof could help you :


 SERVER LSOF
 [r...@mmut01] /usr/local/aft/log]# lsof -p 22135
 COMMAND   PID USER   FD   TYPE     DEVICE     SIZE       NODE NAME
 java    22135 root  cwd    DIR      104,3     4096     249675 /usr/local/aft
 java    22135 root  rtd    DIR      104,1     4096          2 /
 java    22135 root  txt    REG      104,3    64248      67715 
 /usr/java/jdk1.5.0_09/bin/exec/java
 java    22135 root  mem    REG      104,3    25000      67866 
 /usr/java/jdk1.5.0_09/jre/lib/i386/libnio.so
 java    22135 root  mem    REG      104,3    71732      67865 
 /usr/java/jdk1.5.0_09/jre/lib/i386/libnet.so
 java    22135 root  mem    REG      104,3    28694     249721 
 /usr/local/aft/lib/aft.jar
 java    22135 root  mem    REG       0,13   124724    2197211 
 /LOCAL/classes/jar/xerces/xml-apis-2.6.2.jar 
 (dmz-data01:/vol/vol0/LOCAL_classes)
 java    22135 root  mem    REG      104,3   232168     249722 
 /usr/local/aft/lib/aftd.jar
 java    22135 root  mem    REG      104,3   300128     249723 
 /usr/local/aft/lib/backport-util-concurrent31.jar
 java    22135 root  mem    REG      104,3    79441     249724 
 /usr/local/aft/lib/ftp4che071gen15.jar
 java    22135 root  mem    REG      104,3    14119     249725 
 /usr/local/aft/lib/ftplet-aftd.jar
 java    22135 root  mem    REG      104,3   391834     249726 
 /usr/local/aft/lib/log4j-1.2.15gen15.jar
 java    22135 root  mem    REG      104,3   276847     249727 
 /usr/local/aft/lib/mina-core-1.0.8.jar
 java    22135 root  mem    REG      104,3    16094     249728 
 /usr/local/aft/lib/mina-filter-ssl-1.0.8.jar
 java    22135 root  mem    REG      104,3    15345     249729 
 /usr/local/aft/lib/slf4j-api-1.4.3gen15.jar
 java    22135 root  mem    REG      104,3     8601     249730 
 /usr/local/aft/lib/slf4j-log4j12-1.4.3gen15.jar
 java    22135 root  mem    REG      104,3     7991     249731 
 /usr/local/aft/lib/sysmm-1-1-0b1.jar
 java    22135 root  mem    REG      104,3   175811      67798 
 /usr/java/jdk1.5.0_09/jre/lib/ext/sunpkcs11.jar
 java    22135 root  mem    REG      104,3   158417      67797 
 /usr/java/jdk1.5.0_09/jre/lib/ext/sunjce_provider.jar
 java    22135 root  mem    REG      104,3   802388      67796 
 /usr/java/jdk1.5.0_09/jre/lib/ext/localedata.jar
 java    22135 root  mem    REG      104,3     8176      67795 
 /usr/java/jdk1.5.0_09/jre/lib/ext/dnsns.jar
 java    22135 root  mem    REG      104,3  1037385      67794 
 /usr/java/jdk1.5.0_09/jre/lib/ext/bcprov-jdk15-131.jar
 java    22135 root  mem    REG      104,3  8843542      67785 
 /usr/java/jdk1.5.0_09/jre/lib/charsets.jar
 java    22135 root  mem    REG      104,3    81946      67906 
 /usr/java/jdk1.5.0_09/jre/lib/jce.jar
 java    22135 root  mem    REG      104,3   542560      67907 
 /usr/java/jdk1.5.0_09/jre/lib/jsse.jar
 java    22135 root  mem    REG      104,3 39935094      67936 
 /usr/java/jdk1.5.0_09/jre/lib/rt.jar
 java    22135 root  mem    REG       0,13    27052    6111554 
 /LOCAL/classes/jar/jaxp/jaxp-api-1.2.jar (dmz-data01:/vol/vol0/LOCAL_classes)
 java    22135 root  mem    REG       0,13  1010675    2197212 
 /LOCAL/classes/jar/xerces/xercesImpl-2.6.2.jar 

Re: Overriding XML configuration from system properties

[David Latorre]

Yeah it's a same that because of different issues none of them,
PropertyPlaceholder nor PropertyOverriden will work :-S



2009/5/31 Niklas Gustavsson nik...@protocol7.com:
 On Sun, May 31, 2009 at 12:06 AM, Niklas Gustavsson
 nik...@protocol7.com wrote:
 On Fri, May 29, 2009 at 7:17 PM, Roger Marshall
 roger.marsh...@aetopia.com wrote:
 My first question is whether there is actually valid set of properties file
 entries that would work with the first version of ftpserver.xml (the one
 using the http://mina.apache.org/ftpserver/spring/v1 schema)?

 We do not currently support property based configuration (I personally
 find this a major gap since I'm a big user of property replacement
 with Spring). However, there is an issue reported
 (https://issues.apache.org/jira/browse/FTPSERVER-282) that we plan on
 fixing for 1.1. Not waiting for 1.1, I think your solution is the best
 available. I'm not very familiar with the problem your having so I do
 not have any more input than the excellent reply you already received
 from David.

 I should also have noted that you can used a
 .PropertyPlaceholderConfigurer in which case you can choose the
 property name yourself. However, as FTPSERVER-282 points out, if using
 our custom schema, you will not be able to use this for numeric
 values, instead you would have to use the standard Spring bean tags.

 /niklas

Re: STOR a temporary file

[David Latorre]

2009/5/13 Sai Pullabhotla sai.pullabho...@jmethods.com:
 No, client does not send the checksum to the server, instead it asks the
 server for the checksum of a file. The server calculates the checksum and
 returns it. The client would then compare the checksum to its own calculated
 checksum.

 See the link below for more information:

 http://cwiki.apache.org/FTPSERVER/draft-twine-ftpmd5-00.html

 I just want to point out that using ASCII mode to transfer files may result
 in checksum mismatch depending on the client and server platforms and the
 data being transferred.

Sure, I forgot to mention that. This is one of the reasons why I
deeply dislike ASCII mode and avoid it altogether .

 Sai Pullabhotla
 www.jMethods.com



 On Wed, May 13, 2009 at 8:21 AM, Dan d...@tipjarawards.com wrote:

 Could we get more information on using MD5 to ensure data integrity?
 Doesn't
 the client have to send the hash value at some point during the transfer,
 when would this be done?

 The way I would see it:

 1. Calculate MD5 hash for the file
 2. Upload the file

 When does the client send the MD5 hash to the server?

 Dan

 -Original Message-
 From: Niklas Gustavsson [mailto:nik...@protocol7.com]
 Sent: May-13-09 6:52 AM
 To: ftpserver-users@mina.apache.org
 Subject: Re: STOR a temporary file

 On Wed, May 13, 2009 at 12:44 PM, David Latorre dvl...@gmail.com wrote:
  If the client renamed the file itself when  the upload finished, you'd
  be sure that it had been successfully written ( Besides, you can use
  MD5 checks for data integrity).

 This is the strategy I've always used when I have automated FTP transfers
 (eg. application to application integration). I highly recommend it. If the
 server you're using doesn't support the MD5 commands, you can at least
 check
 the file length from the client.

 /niklas

Re: STOR a temporary file

[David Latorre]

2009/5/13 Fred Moore fred.moor...@gmail.com:
 Hi David,

 in you previous post you stated:

 There's no way to know (at the server side) if the file has been
 transferred correctly. When the data connection is closed,
 the server thinks the file transfer finished correctly
 but this must not be the case.

 This is something of the utmost importance for FTP in general and FTP used
 in a business context in particular: can you expand a bit on that?

There are several modes of operation in FTP, of those the only one
that is always implemented (while the other ones hardly ever are) is
STREAM mode. In this mode, the data is sent as an unstructured stream
of bytes carrying no other information such as the End Of File.

So , in this mode, it is considered that a file transfer has been
completed when the data connection is closed. But, of course, it is
possible that the connection be closed before the file sending has
been complete. As an example, you can start uploading a file  with
Filezilla and then select : Stop and delete all ( I have a localized
version, it should say something similar to that). The connection will
be closed and then the FTPServer will think the file arrived
correctly.

If the client renamed the file itself when  the upload finished, you'd
be sure that it had been successfully written ( Besides, you can use
MD5 checks for data integrity).




 Is this stemming from a limitation of the FTP wire-format as described in
 RFCs (e.g. no reliable file size provided by the client upfront)?

 If so: do you know of FTP clients that play ball with the server and
 severe the data connection is a way that surfaces as an error on the server
 (which can then use this condition as an indication of likely file
 truncation)?

 Cheers,
 F.

Re: STOR a temporary file

[David Latorre]

2009/5/12 massimiliano basilica massimiliano.basil...@yahoo.it:
 HI all,
 I'm using FTPServer 1.0.I need that the FTPServer stores a file with a 
 temporary file extention and  rename it with originally file name.The 
 scenario is:The Client sends the file FirstFile.txt (put FirstFile.txt).The 
 FTPServer must store it as FirstFile.txt.tmp. When the uploading is 
 completed, the FTPServer must rename it as FirstFile.txt.All must 
 be transparent to the Client, it can't use the command

Hello massimiliano,

I have implemented something like that and it's kinda working but see
several potential problems:

 - There's no way to know (at the server side) if the file has been
transferred correctly. When the data connection is closed, the server
thinks the file transfer finished correctly but this must not be the
case. Thus, the file could be renamed to it's final name even though
the connection was aborted - you end up with an uncomplete file.

 - Currently the onUploadEnd ftplet method will be executed after the
response to the client is sent. So if the file-rename fails the client
wouldn't know that anything happened. If this is a problem for you
(most likely) you should use your own STOR method. Otherwise, you can
use onUploadStart() ftpLet method for the first rename and onUploadEnd
for the final one.

Since we had this implemented before the change in ftpets what I did
is to provide my own STOR method which is an exact copy of Ftpserver's
implementation but adding a call to  the rename-to-.txt method  in
the Ftplet before the response is written to the session.

Re: Users and their permissions

[David Latorre]

2009/5/7 Simone Giannecchini simbo...@gmail.com:
 Ciao Sai,
 thanks for the feedback, but I am already doing that in my custom
 UserManager I load users from a db table and I create BaseUsers
 instances on the fly, setting the Home Directory correctly, however as
 I log in with one of my user the cwd is set to the root ftp dir. I
 check how the NativeFileSystem gets created and that seems to be the
 default behavior. I admit that I did investigate too much yet, so I
 might have made some other mistakes along the line. Any other
 suggestions?

If you are using the NativeFileSystem implementation there's not even
a place where you configure a rootDir, from NativeFileSystemView:

  String rootDir = user.getHomeDirectory();

So unless you're using a different Filesystem implementation I'd say
you're good to go. Actually, you cannot configure a FTP root dir
anywhere!





 Simone.
 ---
 Ing. Simone Giannecchini
 GeoSolutions S.A.S.
 Owner - Software Engineer
 Via Carignoni 51
 55041  Camaiore (LU)
 Italy

 phone: +39 0584983027
 fax:      +39 0584983027
 mob:    +39 333 8128928


 http://www.geo-solutions.it
 http://simboss.blogspot.com/
 http://www.linkedin.com/in/simonegiannecchini

 ---



 On Thu, May 7, 2009 at 8:58 PM, Sai Pullabhotla
 sai.pullabho...@jmethods.com wrote:
 The BaseUser class has a home directory and users are restricted to that
 directory. So, all you have to do is set the home directory of the user to
 the appropriate directory.

 Sai Pullabhotla
 Phone: (402) 408-5753
 Fax: (402) 408-6861
 www.jMethods.com



 On Thu, May 7, 2009 at 12:58 PM, Simone Giannecchini 
 simbo...@gmail.comwrote:

 Dear List,
 I am pretty new to the apache ftp server, but so far I can say that it
 look great.

 I am trying to wire it up within my own app. I already hooked up my
 own usermanager.
 My question now is, there is a simple way to limit user to their own
 home directory. I don't want users to be able to navigate to other
 user's home dirs.

 Thx,
 Simone.
 ---
 Ing. Simone Giannecchini
 GeoSolutions S.A.S.
 Owner - Software Engineer
 Via Carignoni 51
 55041  Camaiore (LU)
 Italy

 phone: +39 0584983027
 fax:      +39 0584983027
 mob:    +39 333 8128928


 http://www.geo-solutions.it
 http://simboss.blogspot.com/
 http://www.linkedin.com/in/simonegiannecchini

 ---

Re: mulite language support for the name of the file been uploaded

[David Latorre]

2009/4/19 fayan li lifa...@gmail.com:
 Hi David
 Thanks for your reply.

 Strange enough, I use filezila too. And the upload success while I tried on
 another an ftpd server running on redhat. I see the log, seems the file
 upload is succed, but failed when trying to write the file out to disk on
 server side. May be it is caused by the windows 2008 server( Eng version).


Can you include the portion of the log file related to your problem?
Besides that, you can force UTF-8 mode in Filezilla client, i don't
know if  it will help, but it won't hurt.

Does your windows 2008 server allow you to create the very same
filename with the typical   right click ... New file ...?



 I will try to find out.

 Regards,
 Ryan.

Re: mulite language support for the name of the file been uploaded

[David Latorre]

Hello li fayan,

This issue has been discussed extensively before. Currently, as spec
mandates, you need to use an UTF-8 compatible client in order to use
chinese characters.
We should provide an alternative mechanism for 'broken' client that do
not support UTF-8 but meanwhile I use Filezilla and it works nicely.
BTW, commons-ftp in case you're using it, does support UTF-8

2009/4/18 fayan li lifa...@gmail.com:
 Dear all

 I meet some error while trying to upload files  which name contains chinese
 charactors. Is it a bug  or i need some further config for the ftp server?

 Environment of my server is as following.
 server windows 2008(eng)
 jdk 1.6
 intel x64 cpu

 Thanks in advance.

 Ryan (li fayan)

Re: Possible DefaultFtpStatistics Bug.

[David Latorre]

Uh,
I meant, the null value is returned from IoSession.getRemoteAddress()

2009/4/14 David Latorre dvl...@gmail.com:
  It seems that the NPE is being thrown in ioSession.getRemoteAddress() right?


 2009/4/14 Niklas Gustavsson nik...@protocol7.com:
 We should never throw NPEs so this is clearly a bug in FtpServer.
 Could you please open a JIRA issues with the stacktrace and further
 details (also the test case if possible)?

 /niklas

 2009/4/14 Ulysess Lee 李宇光 uking...@gmail.com:
 Hi,
When I write a Testcase to make a proformance test for Apache ftp server,
 and I only use ONE ftp account in many threads to upload different files, 
 then after about 10 users loged in,
 it throws exception:


[2009-04-14 09:30:52,973] [WARN ] DefaultFtpHandler [t...@bbapp.net] 
 [125.88.130.8] - RequestHandler.service()
 java.lang.NullPointerException
at 
 java.util.concurrent.ConcurrentHashMap.get(ConcurrentHashMap.java:768)
at 
 org.apache.ftpserver.impl.DefaultFtpStatistics$UserLogins.loginsFromInetAddress(DefaultFtpStatistics.java:90)
at 
 org.apache.ftpserver.impl.DefaultFtpStatistics.getCurrentUserLoginNumber(DefaultFtpStatistics.java:259)
at org.apache.ftpserver.command.impl.USER.execute(USER.java:152)
at 
 org.apache.ftpserver.impl.DefaultFtpHandler.messageReceived(DefaultFtpHandler.java:169)
at 
 org.apache.ftpserver.listener.nio.FtpHandlerAdapter.messageReceived(FtpHandlerAdapter.java:65)

 most likey a thread lock problem?

Re: Maximum login connections: 421

[David Latorre]

AKAIK, idleTime should not be a problem. It is true that
ConcurrentLoginPermission() is not in our public API ( you can always
get the source code though, with only the tests you'll learn a big
deal about FtpServer) , the constructor is this:

  public ConcurrentLoginPermission(int maxConcurrentLogins,
int maxConcurrentLoginsPerIP) {
this.maxConcurrentLogins = maxConcurrentLogins;
this.maxConcurrentLoginsPerIP = maxConcurrentLoginsPerIP;
}

So in your case you should haveauthorities.add(new
ConcurrentLoginPermission(8, 4)); to limit the target user to 8
connections with 4 from the same IP adress.

I still think you may need to check how many connections are actually
established! Can you provide us with a 'new log file' in DEBUG mode
reproducing your issue?




2009/4/3 Dan d...@tipjarawards.com:
 I set the concurrent logins as follows:

                ListAuthority authorities = new ArrayListAuthority();

                authorities.add(new WritePermission());
                authorities.add(new ConcurrentLoginPermission(4, 8));
                authorities.add(new TransferRatePermission(0, 0));

                setAuthorities(authorities);

                setMaxIdleTime(0);

 Is there a problem with the setMaxIdleTime? Otherwise I assume I am setting
 the logins to be a max of 4..or 8, I am not sure since my javadocs don't
 include ConcurrentLoginPermission info!

 Thanks,

 Dan

 -Original Message-
 From: David Latorre [mailto:dvl...@gmail.com]
 Sent: April-03-09 1:43 PM
 To: ftpserver-users@mina.apache.org
 Subject: Re: Maximum login connections: 421

 Hello Dan,

  You also set maximum connections per user in the UserManager ... what value
 did you use in order to configure that? And when FTP Clients open several
 connections, they log you in for each of those connections ...  until we
 have an equivalent to admingui which allowed us to monitor all the
 connections you can see if DEBUG log level will help you to find out what's
 your exact problem; otherwise you can use a ftplet that gets triggered
 before USER command or something like that :-) And, of course, you can
 debug the server




 2009/4/3 Dan d...@tipjarawards.com:
 I agree, but the docs say Maximum Logins, not Maximum Connections.

 Hopefully there are just logins that aren't being closed properly
 over time, although I don't know how to find this out. There should be
 a way to get status on all logins from the manager, I'm going to keep
 looking.

 -Original Message-
 From: Steve Winter [mailto:st...@bluecrocodile.co.nz]
 Sent: April-03-09 11:09 AM
 To: ftpserver-users@mina.apache.org
 Subject: Re: Maximum login connections: 421

 Hi Dan,

 I know that many ftp clients will open multiple simultaneous
 connections to a server, so it may be that there are 4 people logged
 in, each of them with
 8 connections open, which may account for this...??

 Just a random thought...

 Cheers
 Steve


 On 3 Apr 2009, at 15:05, Dan wrote:

 I am getting:

 WARNING: SENT: 421 Maximum login limit has been reached.

 I have set the connection configuration as follows:

 ConnectionConfigFactory connectionConfigFactory = new
 ConnectionConfigFactory(); connectionConfigFactory.setMaxLogins(32);

 The thing is there aren't even close to 32 people logged in right
 now, are there known bugs with having hanging connections etc. that
 could cause this?

 Any hints to help debug this in the future?

 Thanks,

 Dan

Re: How to set timeout?

[David Latorre]

2009/2/3 Mohit Anchlia mohitanch...@gmail.com

 Thanks ..so I made the change to set default-idle-time to 300 secs.
 And then logged in as a client, ftp server didn't timeout even after 5
 mts of inactivity


What did you set the timeout-poll-inverval to? When dit the timeout occur?




 On Tue, Feb 3, 2009 at 3:12 AM, David Latorre dvl...@gmail.com wrote:
  2009/2/3 Ashish paliwalash...@gmail.com
 
  On Tue, Feb 3, 2009 at 2:38 PM, David Latorre dvl...@gmail.com wrote:
   Hello Mohit,
   My advice is to update to the latest version of FtpServer. A lot of
   improvements and bugfixes have been added since your version was
  released.
   From and old config file of mine i see this:
  
   config.connection-manager.default-idle-time=1000
   config.connection-manager.timeout-poll-inverval=60
 
  David, could you point me to the class where this handling is done.
  Is it in NioListener.java ?
 
  acceptor.getSessionConfig().setIdleTime(IdleStatus.BOTH_IDLE,
 getIdleTimeout());
 
 
  In our current code base, yes (He's using an older version). Although you
  can set an idle-timeout in the user manager too.
 
 
 
 
  Have you ever tried to set timeout greater than 60 sec (6)
  assuming the settings are in
  ms? So far the way I have experimented with MINA, couldn't make this
  work for longer timeout,
  without a workaround.
 
 
   From Mina javadoc: Sets idle time for the specified type of idleness in
  seconds.
  I haven't really tested this though - and Im not very familiar with Mina
  itself. I should do some research on this.
 
 
 
 
  Let me know your thoughts.
 
  thanks
  ashish
 
 

Re: symbolic links

[David Latorre]

2009/2/4 Francis De Brabandere franci...@gmail.com

 what is the url for these wiki's?

 On Wed, Feb 4, 2009 at 9:29 AM, Ashish paliwalash...@gmail.com wrote:
  On Wed, Feb 4, 2009 at 1:50 PM, Niklas Gustavsson nik...@protocol7.com
 wrote:
  On Wed, Feb 4, 2009 at 9:11 AM, Ashish paliwalash...@gmail.com wrote:
  Will we worthwhile, adding this info to wiki :-)
 
  Agreed, feel free :-)
 
  can't write to Ftp Server wiki, but shall add an entry in Related
  projects that we have for MINA
 
  - ashish
 



 --
 http://www.somatik.be
 Microsoft gives you windows, Linux gives you the whole house.

Re: Sent 421: Maximum login limit has been reached

[David Latorre]

Hello Dan,
 Max login per user are set using  authorities, an example from
DBUserManager:

 ListAuthority authorities = new ArrayListAuthority();
if (rs.getBoolean(ATTR_WRITE_PERM)) {
authorities.add(new WritePermission());
}

authorities.add(new ConcurrentLoginPermission(rs
.getInt(ATTR_MAX_LOGIN_NUMBER), rs
.getInt(ATTR_MAX_LOGIN_PER_IP)));
authorities.add(new TransferRatePermission(rs
.getInt(ATTR_MAX_DOWNLOAD_RATE), rs
.getInt(ATTR_MAX_UPLOAD_RATE)));


In this case you need ConcurrentLoginPermission but if users are going to
upload files you also need WritePermission.



2009/2/2 Dan d...@tipjarawards.com

 Have looked around Niklas I only see:

 setMaxLogins(int) - Method in class
 org.apache.ftpserver.ConnectionConfigFactory

 Where is the call to set the max logins by user? I don't see any methods
 for
 UserManager etc.

 Thanks,

 Dan

 -Original Message-
 From: Niklas Gustavsson [mailto:nik...@protocol7.com]
 Sent: February-02-09 5:07 PM
 To: ftpserver-users@mina.apache.org
 Subject: Re: Sent 421: Maximum login limit has been reached

 On Mon, Feb 2, 2009 at 10:16 PM, Dan d...@tipjarawards.com wrote:
  I am getting 421 Maximum login limit has been reached. Logs.
 
  Is there a way to setup a maximum login limit per user? Can't see in
  the docs where this is documented.

 Yes, this can be set both for the entire server, and per user. For example,
 if you're using the file based user manager, you can find examples of such
 files (including this setting) in the distribution.
 You can also find the full documentation of the format in the Javadocs. Let
 us know if you need further help!

 /niklas

Re: Unix filesystem

[David Latorre]

As Niklas said I think you should extend AbstractUserManager (or just
implement UserManager) Or are you using /etc/password for authentication and
you want to extract the user information from a database? It doesn't sound
very likely.
If you are starting FTPServer programatically, you will use FTPServerFactory
setUserManager method (the argument is the class you implemented) while if
you're using the Spring facility, you have to use the user-amanger tag ,
e.g:
user-manager
beans:bean class=full-name-of-your-class
beans:constructor-arg index=0 type=java.lang.String
value=whateverArgumentYouMayNeed/
/beans:bean
/user-manager



2009/1/20 Niklas Gustavsson nik...@protocol7.com

 On Tue, Jan 20, 2009 at 5:18 AM, Javi j...@valenciacf.org wrote:
  I want to modify DbUserManager in order to authenticate vs Linux
  password/shadow file, in order to create a custom authenticator how
 should
  I register my class?

 I would not recommend extending the DbUserManager in order to develop
 this user manager, instead have a look at extending
 AbstractUserManager. Are you looking into using JPam for this? Would
 you maybe be interested in donating such a solution back to the
 project?

  Additionally ftpd.sh runs as user root in order to have correct
  permissions to chown incoming files, and make the owner to the unix user
  who created them.

 Running a network server as root is never a good idea. I'm not sure
 how other FTP servers handle setting the correct ownership, but you
 could have a look at that. We do not support setting the owner of the
 files today, and before the JRE offers this, that is, when NIO2 ships.

  However I allways gets the files owned by the user running the Java
 process.
  Also when I display files they belong to user:group even if they are
 owned
  by other user:
 
  ftp ls
  200 Command PORT okay.
  150 File status okay; about to open data connection.
  dr-x--   3 user group0 Jan 18 23:56 A
  dr-x--   3 user group0 Jan 18 23:56 B
  dr-x--   3 user group0 Jan 18 23:56 C
  226 Closing data connection.
 
  Is possible to dislay files as real owner?

 hi

 /niklas

Re: Implicit SSL PROT level defaults to Clear

[David Latorre]

Hello Kevin,

As you already said we are following the RFC here and -although I admit that
makes little sense in these days- Sai is right that it is quite common to
have only the control channel encrypted: I even saw a client (gFtp maybe?)
that didn't support SSL for the data channel. And there are some servers
with the same limitation.

Sai's suggestions makes sense to me but It's possible to argue (let's wait
for Niklas's opinion here) that  having an option to  force SSL mode would
add little value to most users and core code would become a little more
bloated.

Right now you can get the DataChannel from the Session object in any FTPLet
and ask if isSecure() (something like that, Im on holidays using a public
computer :-) ) so you can implement a onBeforeCommand metod for PORT and
PASSIVE in your FTPLet that let you continue only if your channel is
secured.

 Currently I'm doing this myself, but just intercepting the STOR/STOU and
RETR commands. Other people is doing the very same thing, so maybe the could
send you an example.  If i were you I  wouldn't wait for an update only for
this, although we of course will think about implementing this option.











2008/12/17 Sai Pullabhotla sai.pullabho...@jmethods.com

 There are cases where a client/server just want a secure channel on
 the control connection (encrypt user name and password), but not the
 data itself. I don't think it is a good idea to change the default,
 but it would be nice to add a new option to the dataConnection to
 force SSL.

 Sai Pullabhotla
 Phone: (402) 408-5753
 Fax: (402) 408-6861
 www.jMethods.com




 On Wed, Dec 17, 2008 at 1:20 PM, Kevin Conaway kevin.cona...@gmail.com
 wrote:
  I apologize for replying to myself but I have some more thoughts.
 
  To me, the implied part of implicit SSL means that at the application
  level, the user isn't aware that the FTP session is being conducted over
  SSL.  Having to issue a PROT command to set the data protection level
  violates the spirit of that assumption.
 
  Perhaps this is just my limited imagination, but I'm having a hard time
  envisioning a scenario with implicit SSL where you would always want the
  control channel to be encrypted but not the data channel.  Isn't that
 what
  explicit FTPS is for?
 
  I have a patch ready that will force the data channel to secure mode if
  the Listener is in implicit mode but I'm not sure of the implications
 of
  making that switch.  Would it be permissible to at least have this
 available
  as a configuration option?
 
  Thanks
 
  On Tue, Dec 16, 2008 at 4:46 PM, Kevin Conaway kevin.cona...@gmail.com
 wrote:
 
  Although the definition of FTP with implicit SSL varies depending on
 who
  you ask, its my understanding that it means that the entire FTP session
 is
  conducted over TLS/SSL.
 
  If thats true, shouldn't the data channel default to the P or private
  setting?  As of now, it defaults to clear (which is the specified
 behavior
  in RFC 2228).
 
  I have FTP clients that are connecting over implicit SSL without issuing
  the PROT command.  When they go to transfer a file, FtpServer sets up a
  plain socket for the data channel instead of an SSL one and the transfer
  never completes.
 
  Would it be appropriate for the ServerDataConnectionFactory to have the
  secure property set to true by default if the session is using
 implicit
  SSL?
 
  Thanks
 
  Kevin Conaway
 
 

Re: Socket file descriptors leak leading to Too Many Files Opened using FTP/S on Linux?

[David Latorre]

Hey,

 Fred you should try the workaround proposed in security-dev:

In JSSE, you can layer a SSLSocket over an existing Socket.  That will
avoid SSLServerSocket creating the dummy Socket that is eventually
leaking the file descriptors.

 ServerSocket ss = new ServerSocket(port);
 Socket s = ss.accept();
 sslssf.createSocket(s, s.getInetAddress().getHostName(),
  s.getPort(), false);

and see if this solves your issue. The simplest thing I can think of is that
you try the provided test case and then the proposed workaround. If this
solves your issue, we might want to implement this as the standard
mechanism  to create SSLServerSockets as the JVM creates dummy sockets
anyway.




2008/12/11 Niklas Gustavsson nik...@protocol7.com

 Hey

 That bug seems pretty much exactly describing your problem. Can I make
 some assumptions, please verify them:
 * You only get this when running in passive mode
 * You get the same problem doing a connect - STOR - disconnect
 * You get the same problem doing a connect - RETR - disconnect

 Also, and this is kind of important, your wrote in your first email
 that your listing returned an empty list. Is this always the case? Do
 you see the leak when returning a non-zero size list?

 Looking at the workaround, we could certainly attempt using it, but
 first I would like to replicate the problem so we'll know the
 workaround will work for us. I'm on:
 $ java -version
 java version 1.6.0_10
 Java(TM) SE Runtime Environment (build 1.6.0_10-b33)
 Java HotSpot(TM) Server VM (build 11.0-b15, mixed mode)

 $ uname -a
 Linux niklas-laptop 2.6.27-9-generic #1 SMP Thu Nov 20 21:57:00 UTC
 2008 i686 GNU/Linux

 So, I should be affected. Would you be able to share the client test
 script you got?

 /niklas

 On Thu, Dec 11, 2008 at 8:51 PM, Fred Moore fred.moor...@gmail.com
 wrote:
  Niklas, David, All,
 
  here is an update on the problem we reported... more to come as we
 complete
  some additional tests tomorrow any HELP is welcome!
 
  During the last few days we kept narrowing down the debug scenario in
 order
  to have a more precise idea of this blocking problem shape  scope.
 
  Here are a few findings:
 
  1\ KO on Linux with Sun HotSpot J2SE 1.5.0_12 or higher
 
  2\ KO on Linux with Sun HotSpot J2SE 1.6.0_xx
 
  3\ OK on Linux with Sun HotSpot J2SE 1.5.0_11
 
  4\ KO on Windows with Sun HotSpot J2SE 1.5.0_15 or higher
  (procexplorer is showing a growing number of  File \Device\Afd\Endpoint
  which eventually will hit the max number in Windows too)
 
  5\ ?? on Windows with Sun HotSpot J2SE 1.5.0_11 (will test this tomorrow
 to
  ensure this JVM version is as safe on Windows as it is on Linux)
 
 
  The too many files open condition (or its Windows variant) is hit when
 we
  repeat a Connect, ListNames (NLST), Disconnect in a tight loop for about
 1
  hour, over FTP/S TLS/Explicit.
 
  Please notice that these other scenarios are OK:
 
  A\ Just connecting/disconnecting without issuing the NLST command
 
  B\ Using straight FTP connection
 
 
  The FTPServer codebase used for the test was M2-level with still some
 custom
  code (we had no time so far to setup a clean M4 env), but we still
 believe
  that the custom code is not related with the reported problem (and it's
  difficult to quickly evict it in our environment right now).
 
  We currently believe to have incurred in this JVM bug SSLServerSocket
 file
  descriptor leak:
  http://bugs.sun.com/view_bug.do?bug_id=6764972 :
 
  ---begin---
  File descriptors of TCP sockets are not released properly when using
  SSLServerSocket class ( especially with many instances ) on Linux
 systems.
 
  If a server application ( like Jakarta Tomcat ) runs very long time,
  this problem will cause a 'too many open files' error and a denial of
  the service.
  ---end---
 
 
  Given your very detailed knowledge of FTPServer source code and bug
 6764972
  description, do you think this might be the case?
  Can you suggest any patch / workaround for that?
 
  Any help at this stage is highly appreciated!
  Cheers,
  F.
 
  PS: speaking of workarounds this thread may/may not be relevant for the
 case
  at hand (look up leak  layer keywords):
 
 http://www.nabble.com/-security-dev-00402-:-Re:-NullPointerException-at%09sun.security.ssl.OutputRecord.writeBuffer-td20492154.html
 

Re: Socket file descriptors leak leading to Too Many Files Opened using FTP/S on Linux?

[David Latorre]

Hello Randy,
 I am using FTPServer embedded in glassfish with two listeners (implicit ssl
 explicit ssl/plain - although we forbid plain connections) and we are not
seeing this issue.

Since it is two of you already reporting this problem can you please
 elaborate a little more on :

  - Operating sytem and architecture (we are using CentOS 5.1 and RedHat
under Intel Xeon 64 bits)
  - Java version ( 1.6.10 64 bits here).
  - Any important modifications/additions to FTPServer?

Besides it would be great if you could test your setup using implicit ssl
instead of explicit, or only plain connections. Maybe it would help that
your tests were based on a 'minimalistic' fresh copy of FTPServer, so we can
trace this.





2008/12/9 Randy Prager [EMAIL PROTECTED]

 I think we are seeing something similar.

 We have 2 instances of FTPServer running, one embedded in tomcat and one in
 its own JVM.

 Both appear to hold onto socket descriptors (lsof reports can't iden
 protocol) ... eventually leading to
 too many open files.

 We are continuing to investigate to confirm it is an FTP server issue.
  This
 problem has only occurred recently
 and we suspect it is the result of a new pattern of client connections or
 connection type (we support both FTP and FTP-TLS).

 We are not sure why lsof would report the can't iden protocol as opposed
 to TCP ...

 Our environment is LINUX SLES-10 J2SE 1.6.

 Here is a sample config:

 listeners
nio-listener
 name=default
 port=
 implicit-ssl=false
 idle-timeout=60
 local-address=X
ssl
keystore file=classpath:X.jks password=X/
/ssl
data-connection idle-timeout=60
active enabled=false local-address=X
 local-port=XX/
passive ports=X address=X
 external-address=/
/data-connection
blacklist
/blacklist
/nio-listener
/listeners

 - Randy

 On Tue, Dec 9, 2008 at 10:18 AM, Niklas Gustavsson [EMAIL PROTECTED]
 wrote:

  On Mon, Dec 8, 2008 at 8:32 PM, Fred Moore [EMAIL PROTECTED]
 wrote:
   on linux we noticed that a number of file descriptors associated with
   sockets are leaked when using FTP/S TLS/Explicit as we serve connect
 and
   disconnects (and -- possibly - LIST commands returning empty lists)
   eventually leading to a Too Many Files Opened condition as we hit th
  1024
   file descriptor limit in /proc.
 
  To make sure I understand you correctly:
  * Do you only see this when running in SSL/TLS explicit mode? If
  running without SSL/TLS or in implicit mode, do you get the same
  behavior?
  * You only see this when doing LIST? If you only do
  connect-disconnect, you don't get the problem? If doing a STOR or
  RETR, do you get the problem?
  * Do you only get the problem when returning an empty LIST?
 
  [snip]
 
   Has anyone seen this before?
 
  Not really no, but I haven't really pushed it on very specific cases
  like this. However, if we can nail it down to a repeatable test case,
  I'm willing to try debugging it.
 
  /niklas
 

Re: Active vs Passive performance

[David Latorre]

Steve,
1.5 and 1.6 JREs and Windows Vista have had several issues and I guess there
are more to be fixed. (For instance, just this week I had to update to
1.6.0_7 in order to have Socket.getLocalAddress() return the correct IP
address - it didn't in 1.6.0_6)
I expected that 1.5.0_16 included all the available bugfixes. Otherwise,
they'll have to release  a new version, I hope that will be soon.

Taking this into account, are you using Vista in your JRE 1.5 system or
just in your  development machine? A five second delay between the PORT
command and the responde code is something much more people would have
noticed and I think it didn't happen with my Linux  server and JRE 1.5.0_15.
So it is quite possible that it is a Vista-only issue; my advice is (in case
your server is not  a Vista machine)   that you test this behaviour again in
your target OS.

As niklas said, probably there's little we can do here, but waiting for sun
to fix these issues.  Anyway let us know if you find a workaround! For data
connections we are not using MINA but regular synchronous sockets so the
code can be easily read or traced :)

cheers,
david





2008/11/7 Niklas Gustavsson [EMAIL PROTECTED]

 On Fri, Nov 7, 2008 at 4:16 PM, Steve Luebbe [EMAIL PROTECTED] wrote:
  Well I have good and bad news to report.  The good news is that we found
 out
  why the active connection speed is slower.  The bad news is that it
 relates
  to the version of JRE you are running.
  With 1.5.0_16 JRE:
  1) Active connections are extremely slow
  2) If you browse a remote site and keep changing directories over and
 over
  (ls) it will actually stop responding after  20+ commands or so.
 
  With JRE 1.6.0_07 everything seems to be working fine.

 Oh, that likely means that there might be limited ways for us to fix
 this, but we might find a workaround. Let's keep the bug report open
 and we'll see if we can reproduce the problem.

 /niklas

Re: Active vs Passive performance

[David Latorre]

Hello,
 This is a very odd behaviour indeed. Any way, we should congratulate
ourselves that Apache FtpServer might perform as well as GlobalScape.
Although it seems that globalscape can do much more things than us.

How are you sending the files? It would be great if you could provide a test
case (e.g., using commons net ftp) so other people can check this behaviour
in their environment.

David


2008/11/7 Erik Morton [EMAIL PROTECTED]

 I have observed similar results but I haven't tested it like this yet.


 On Nov 6, 2008, at 5:30 PM, Steve Luebbe [EMAIL PROTECTED] wrote:

  So, I've done a lot additional testing and here are the results.

 We currently have a GlobalScape FTP Server in our network up and running.
  I ran two transfers to it, each with 35 small files, one in active and one
 in passive mode.  Both transfers took approx 3 seconds to complete.  Then I
 took Apache FTPServer and installed it on the same machine and ran the same
 tests to it.  Passive took 3 seconds and active took around 156 seconds.
  This test eliminates my theory that it's network or pc related.

 Below is a small clip from the log file during the active transfer that
 took a long time.

 [ INFO] 2008-11-06 12:19:32,828 [erick] [192.168.1.213] RECEIVED: PORT
 192,168,1,213,194,107
 [ INFO] 2008-11-06 12:19:32,828 [erick] [192.168.1.213] SENT: 200 Command
 PORT okay.

 [ INFO] 2008-11-06 12:19:32,828 [erick] [192.168.1.213] RECEIVED: STOR
 /PERFORMANCE/DB_CSV_FTP.XML
 [ INFO] 2008-11-06 12:19:37,328 [erick] [192.168.1.213] File upload :
 erick - /performance/db_csv_ftp.xml
 [ INFO] 2008-11-06 12:19:37,328 [erick] [192.168.1.213] SENT: 150 File
 status okay; about to open data connection.

 [ INFO] 2008-11-06 12:19:37,328 [erick] [192.168.1.213] SENT: 226
 Transfer complete.

 As you can see there is a 5 second delay in there only during Active
 connections.  If you need any additional information please let me know.

 Thanks in advance!!
 Steve

 Niklas Gustavsson wrote:

 On Wed, Nov 5, 2008 at 11:09 PM, Steve Luebbe [EMAIL PROTECTED]
 wrote:

  Has anyone noticed a difference in performance between FTPing in Active
 mode
 vs. Passive mode?

 I have two laptops on the same network:
 1) Client - Windows Vista, firewall disabled, using FileZilla
 2) Apache FTPServer - Windows XP, firewall disabled

 When FileZilla is set to passive it is relatively fast.  When I switch
 it to
 active it is 2 times to 3 times slower.
 I've done quite a bit of research and playing around but I haven't been
 able
 to determine why.  I'm hoping someone can shed some light on this for
 me...


 Do you see the same behavior with other clients? I can't see anything
 obvious in our code that would cause this but I don't have any numbers
 to back that we don't have a problem in this area.

 /niklas

 __ Information from ESET NOD32 Antivirus, version of virus
 signature database 3592 (20081106) __

 The message was checked by ESET NOD32 Antivirus.

 http://www.eset.com

Re: Any real-world Evidence FtpServer can be run in Spring as part of a webapp, and still accept connections?

[David Latorre]

Since I'm no member of the development team and there're several posts
stating that I'm deploying FtpServer on Glassfish v2u2  v2u1  (and have
tested it on Apache Tomcat too) my word should be enough , I think.  I have
4 copies of FtpServer running on 4 different machines and they are all
started from a ContextListener.
As I said, I tested my example both on Tomcat and Glassfish but I remarked
that some versions of Glassfish Might fail to deploy the server correctly
due to what it seems like a glassfish bug.

So, did you try what I say? You just deploy to tomcat my example app with
the xml config from my previous email regarding this topic. If it is working
you'll already know that ftpserver is working correctly.
Otherwise, post the actual xml config you used plus the log files (I think
that my example just logged to console - so your application server log file
 ) that should indicate any problem that might exist.

We're willing to help but you don't seem to pay much attention to our
feedback. So, please, follow these steps so we can reach to a conclusion. If
you (and I mean ' Brad and Phlogiston') just send complaints with no input
on what your problem is, it is impossible you can make it work.

I was tempted to send an example app which just called new FtpServer()
start() so there was no need to tweak the xml file but I thought that using
 an XML file  would be more useful. My fault probably. In your XML config,
try first with absolute paths to your users.properties file or the keystore.
But as I said, I suggest that you try first with no UserManager configured
nor SSL. I sent you the body of the xml file so just substitute your current
server/server with that one I provided.

Cheers,

 David Latorre

2008/10/20 Phlogiston Eight [EMAIL PROTECTED]


 Is there any real-world evidence that FtpServer can be instantiated from a
 Spring XML config file, started, and then successfully accept client
 connections?

 I know that is the claim, but I need to know if there is any real world
 evidence of that. In other words; someone has tried it and it accepted FTP
 client connections, and allowed uploads/downloads, etc...  I've gone through
 the archives, and so far, no one other than the development team have posted
 reports of any successful use of FtpServer deployed in a Web Container as a
 Spring app, using a Spring XML config file.

 I am not refuting its claim to work under those conditions--I simply am
 trying to establish what is known about FtpServer, empirically.  Not what
 people claim it can do, but what independent developers have gotten it to
 do.  Has anyone out there, unconnected to the dev team, independently
 deployed FtpServer as a Spring app, using a Spring XML config
 file/files--and been able to connect to it with an Ftp client, and
 upload/download etc...?

 The purpose of this post is to ask that question, in a search for evidence.
 I make no claims at this time about whether it does or does not.
 _
 Store, manage and share up to 5GB with Windows Live SkyDrive.

 http://skydrive.live.com/welcome.aspx?provision=1?ocid=TXT_TAGLM_WL_skydrive_102008

Re: ContextListener Example NetBeans Project

[David Latorre]

Phlogiston,
I've tested the example under windows with both  tomcat and glassfish 2(v1 I
think but I cannot tell you right now) with this simple configuration in
ftpd-typical.xml:

 server xmlns=http://mina.apache.org/ftpserver/spring/v1;
xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
xsi:schemaLocation=
   http://mina.apache.org/ftpserver/spring/v1
http://mina.apache.org/ftpserver/ftpserver-1.0.xsd
   
id=myServer
listeners
nio-listener name=default port=2121
/nio-listener
/listeners
 /server

This works for me with no tweaking at all, just right click on the project
and select undeploy  deploy.

Can you try running with that config?  Of course you won't be able to log in
but you should be able to connect to port 2121.   If it doesn't work please
stop glassfish and try to deploy the app to Tomcat.
There is a chance that there is a bug in latest Glassfish (v2ur2 ) running
on windows  for I've seen some problems similar to this one:
https://issues.apache.org/jira/browse/DIRMINA-618?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

At the time I  came across that issue, I thought I had to reinstall
Glassfish or check for firewall issues. You may deactivate windows firewall
for this test so we discard possible unrelated problems.

So can you please run the example with that xml  and check glassfish logs
(netbeans' output tab) for some error related to NIO ?


2008/10/20 Phlogiston Eight [EMAIL PROTECTED]


 Thank you for posting that example of a servlet-context listener-based
 launcher for FTPServer within Spring. I appreciate it.

 One question:  I imported it into NetBeans, and made the few necessary
 changes (substituting actual values for placeholders in properties, etc...).
  After that, your example NetBeans project builds and runs. It Does start
 FtpServer (does call its .start() method) when the webapplication is started
 in Glassfish.

 However, it no longer accepts any FTP connections at all. I cannot get any
 FTP client to successfully connect to it.  So it can't be used.  Maybe there
 is another step I need to do which wasn't in the post? That's what I'm
 hoping, because this example comes so close.

 The problem is not failed login, because the USER and the PASS commands
 never get issued to FTPServer. Instead, when the client, at the very first,
 tries to get a connection to talk to the Server, the Server times out. THe
 client waits and waits for a connection so it can send the USER command--but
 the connection is never granted by FTPServer.

 I already had an application which gave connections, allowed logins,
 uploads, downloads, all FTP operations. It all worked perfectly in mine--but
 there was one fundamental problem:  it had to be kicked-off (the server
 started) by calling a main() method.  A no-no for a deployed, Spring-based
 web application. In some cases, an impossibility.  So my hope was that your
 post would solve that prob.  It does solve that problem--but unfortunately,
 no client can connect any more.  I've tested in SSL mode AND in basic,
 NON-SSL mode. Either way, the server always times out before returning a
 connection to the client.

 Do you know why this could be? Anyone else know?  FtpServer Does start when
 the webapp starts--but it no longer functions (allows connections).
 _
 Want to read Hotmail messages in Outlook? The Wordsmiths show you how.

 http://windowslive.com/connect/post/wedowindowslive.spaces.live.com-Blog-cns!20EE04FBC541789!167.entry?ocid=TXT_TAGLM_WL_hotmail_092008

Re: Any simple way to make Spring auto-call start() on FtpServer when it is registered using the server tags? Follow-up, Ralph Palmer: No--the XML config

[David Latorre]

Hello Brad,
  Actually Ralph's idea sounds great (why does it need to be a
DisposableBean, Ralph? my knowledge of Spring is = null) and it start
FtpServer automatically , no need to provide a Main class.

 He builds a web application with that single file and the changes stated in
his mail (yeah, read it carefully! basically you need to add a bean
definition in your Spring file pointing to the class he developed).

Niklas I do think that using Spring lifecycle is better than a
ContextListener. For example, with Spring it is very easy to deploy the
whole thing as a resource adapter instead of a web-application . Spring
 v2 documentation states that this is useful when you need to deploy
something to an application server where you would previously use an empty
Web Applicaton.  It seems like our use case here!


By the way, I have provided a sample project in Jira. It uses a
ContextListener to start FtpServer inside a web application.  The
ftpd-typical.xml file should be edited to configure the usermanager and
provide the SSL keystore. After that you can build  deploy the app!.









2008/10/15 Sisk, Brad [EMAIL PROTECTED]

 You wrote:



 Something like this worked for me:

 package my.ftp

 import org.apache.ftpserver.FtpServer;
 import org.springframework.beans.factory.DisposableBean;

 public class FtpWrapper implements DisposableBean  {

private FtpServer server;

private FtpWrapper() { }

public void setFTPServer(FtpServer server)
{
this.server = server;
init();
}

private void init() {
try {
server.start();  
   ...etc...

  I appreciate your suggestion, Ralph. But if I'm not mistaken, it looks
 like you've posted a solution for a standalone Java app-not the Spring
 approach to bean instantiation. For example, your solution directly
 instantiates FtpServer the way a main() method would-rather than using
 the Spring BeanFactory or ApplicationContext approach.

 As I originally posted, I already know how to launch FTPServer using
 Java. That's not what I'm asking about. My question was about how one
 does the same thing in a deployed Spring application. Spring.  In
 Spring, you are not supposed to directly instantiate any object-but
 rather let Spring instantiate them by calling Spring's BeanFactory
 methods.

 However, for the BeanFactory instantiation to work, one has to have the
 proper XML configuration file written. THIS is the question I was
 asking:  What is the XML I have to write to force Spring to
 automatically call FtpServer.start()?

 See, I need to know how to make SPRING call server.start()---using XML.
 I 'm not asking how to write a Java method call.

Re: FTPS List, assert secure data connection?

[David Latorre]

2008/10/16 Jeroen Cranendonk [EMAIL PROTECTED]

 Ahh, right!

 So my only problem is I'm working with old code :)

 Ok, cheers! :)


Correct me anyone if I'm wrong but if you are using isSecure methods  you
are not using old code so probably onBeforeCommand is already present in
your version.

Did I misunderstand you? What version are you working with?

In your case I would probably use onBeforeCommand for PORT and PASV.

Cheers,
David Latorre





 -Oorspronkelijk bericht-
 Van: Niklas Gustavsson [mailto:[EMAIL PROTECTED]
 Verzonden: Thursday, October 16, 2008 3:48 PM
 Aan: ftpserver-users@mina.apache.org
 Onderwerp: Re: FTPS List, assert secure data connection?

 On Thu, Oct 16, 2008 at 3:28 PM, Jeroen Cranendonk
 [EMAIL PROTECTED] wrote:
  We're using ftpserver as a ftps server over here :)
  I ran into a snag though, the customer demands all 'interesting' stuff is
  sent secure, so in onDownload() etc. we check if the -data- connection is
  secure.
 
  But there's no ftplet onList() for the 'LIST' command, altough LIST
 -does-
  use the data connection to send it's list. So I've got no hook to check
 if
  the data connection is secure before sending the list.
 
  Any ideas how to hack this in? My current desperate plan is to add a
 onList
  myself :)

 You now have onBeforeCommand and onAfterCommand callback methods in
 Ftplets so you can add checks to whatever method you like.

 /niklas




 ___
 Help save paper! Do you really need to print this email?

 Aan de inhoud van dit bericht kunnen alleen rechten ten opzichte van Sdu
 Identification B.V.
 worden ontleend, indien zij door rechtsgeldig ondertekende stukken worden
 ondersteund.
 De informatie in dit e-mailbericht is van vertrouwelijke aard en alleen
 bedoeld voor gebruik
 door geadresseerde. Als u een bericht onbedoeld heeft ontvangen, wordt u
 verzocht de
 verzender hiervan in kennis te stellen en het bericht te vernietigen zonder
 te vermenigvuldigen
 of andersoortig te gebruiken.

 The contents of this electronic mail message are only binding upon Sdu
 Identification B.V.,
 if the contents of the message are accompanied by a lawfully recognized
 type of signature.
 The contents of this electronic mail message are privileged and
 confidential and are intended
 only for use by the addressee. If you have received this electronic mail
 message by error,
 please notify the sender and delete the message without reproducing it and
 using it in any way.

Re: how to client

[David Latorre]

No, you'd use a regular FTP client to connect to the server.There're several
Java implementations of a FtpClient you can use. The simplest case: if i'm
not wrong you can use a 'ftp://' string in order to create an URL with Java
standard classes which will effectively connect you to the specified
ftpserver. Apache commons net ftp client is used in FtpServer client tests
and it looks like a very good option(I'm using apache commons ftp myself  in
our custom client).



2008/10/14 micah [EMAIL PROTECTED]

 Are there any examples on writing a client to to use the server?

 thanks,

 micah

Re: how to client

[David Latorre]

2008/10/14 Andrea Francia [EMAIL PROTECTED]

 2008/10/14 David Latorre [EMAIL PROTECTED]:
  No, you'd use a regular FTP client to connect to the server.There're
 several
  Java implementations of a FtpClient you can use. The simplest case: if
 i'm
  not wrong you can use a 'ftp://' string in order to create an URL with
 Java
  standard classes which will effectively connect you to the specified
  ftpserver. Apache commons net ftp client is used in FtpServer client
 tests
  and it looks like a very good option(I'm using apache commons ftp myself
  in
  our custom client).

 A thing that I really don't like about Apache commons net Ftp Client
 is that you should uses getReply() and
 FTPReply.isPositiveCompletion(reply) instead of exceptions to handle
 command failures.


Yeah sure that's a pain. But I haven't tested any good alternatives to
commons-net. Feel free to suggest any!
What I really don't like about commons-net and makes it much less usable is
that it seems i cannot override the ip address returned by PASV command so I
can open a data socket to the IP  that I  connected to (that of the control
channel) instead of the IP returned by PASV. If i remember correctly, most
UI-based ftp clients can do that.




 --
 Andrea Francia
 http://andreafrancia.blogspot.com/

Re: Setting Up Logging in FTP Server

[David Latorre]

Hello Phlogiston,
 I'm embedding FTPServer in a webapp with my log4j.properties in
WEB-INF/classes and it is working perfectly. I don't know what can be your
problem.
By the way, if you're reading this Niklas, I was about to send my .war with
FTPServer embedded when I noticed that if my listener config was wrong and
the server didn't stop correctlyI had to restart the Application Server
cause the port was already in use by the JVM even after undeploying the war.

I didn't have time to check it last week but I guess the problem is that
you're setting started=true after starting all the listeners. Even if I
catch the Exception in FtpsServer.start() and I call stop, it won't stop
anything as started hasn't been set.





2008/10/6 Phlogiston Eight [EMAIL PROTECTED]


 I have log4j.properties in the /classes subdir as usual, but for some
 reason, the webapp does not seem to be finding it.  Logging is not working
 yet, no log files being written when the app is run. The FTPServer, itself
 is running and working fine. But it is not logging.


 We are running FTPServer embedded in our webapp.  It is writing to
 System.out. that No appenders are set-up (Log4j). However, an appender IS
 defined properly in the log4j.properties file--which is inside
 WEB-INF/classes.  I have used log4j on its own, for years, in web
 applications. For web applications, WEB-INF/classes is where you are
 supposed to put log4j.properties, to define the appenders.

 Where do I have to put log4j.properties within my project for FTPServer to
 successfullly find it?  I'm looking for a specific direectory or URI.
 Thanks.
 _
 Get more out of the Web. Learn 10 hidden secrets of Windows Live.

 http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns!550F681DAD532637!5295.entry?ocid=TXT_TAGLM_WL_domore_092008

Re: using SSL with FTPServer

[David Latorre]

Phlogiston,  SSL configuration is explained at the docs. I guess you have to
-at least- set the keystore file  and the keystore password. FtpServer comes
with a keystore file you can use for this. Otherwise, google for
instructions on using keytool to generate  a self-signed certificate.
You don't need to enable implicit SSL, that's to use implicit ssl rather
than explicit ssl. A client you can use to test the server and which
supports both implicit  explicit SSL is Filezilla.

I don't know if the docs are correct when it is said that the 'data channel'
is only encrypted in passive mode. I think last time I checked, the data
channel was  encrypted in active mode too. Can anybody confirm one of these
two options?



2008/10/6 Phlogiston Eight [EMAIL PROTECTED]


 I see that FTPServer comes with support for SSL.  If you want to start
 using it, what are the series of steps you must take to enable it?  I know
 you would set  isImplicitSSLEnabled = true, but what else must you do to set
 up FTPServer to use SSL?
 _
 See how Windows connects the people, information, and fun that are part of
 your life.
 http://clk.atdmt.com/MRT/go/msnnkwxp1020093175mrt/direct/01/

Z mode in Java FTP Clients

[David Latorre]

Hello,
 I was wondering if any java ftps client libraries ( currently  I'm using
the latest commons net ftp version so I can use explicit SSL) support Z mode
or I would have to compress/uncompress everything coming from the data
channel.

Re: Problem getting the server working on MacOSX Leopard

[David Latorre]

There is a chance that is due to canWrite() returning false even if the
directory is writable. There are several bug reports at
http://bugs.sun.com/which complain about this fact (in most systems
there isn't any syscall or
function which will return this value correctly).

Erik could you try this ?

public static void main(String args[])  {
File adminHome = new File(PATH_TO_RES_ADMIN);
File aFile = null;
if (!adminHome.canWrite()) {
System.out.println(Problem found: canWrite returns false);
try {
aFile = File.createTempFile(prefix, sufix, adminHome);
System.out.println(canWrite does not work as expected in
your environment, it returned false but the file  + aFile.getAbsolutePath()
+  was created);
} catch (IOException e) {
System.out.println(PATH_TO_RES_ADMIN +  is actually
non-writable hence the server response. Exception: );
e.printStackTrace();
}
} else {
try {
aFile = File.createTempFile(prefix, sufix, adminHome);
System.out.println(This is not a java.io.File bug, we need
to check further.Created file was:  + aFile.getAbsolutePath());
} catch (IOException e) {
System.out.println(canWrite returns true but there was a
problem trying to create the  file. Exception: );
e.printStackTrace();

}
}

if (aFile != null) {
aFile.deleteOnExit();
}
}


2008/8/20 Erik Morton [EMAIL PROTECTED]

 Yes, silly typo. ./res/admin is a directory.

 I am able to get a file from ./res/admin, I just can't put a file there.


 On Aug 20, 2008, at 3:45 AM, Niklas Gustavsson wrote:

  Cool, you're the first case of using IPv6 with FtpServer that I've seen.

 On Tue, Aug 19, 2008 at 11:31 PM, Erik Morton [EMAIL PROTECTED] wrote:

 I created a file called ./res/admin, which is chmod 777


 When you say file, do you really mean a directory?

 /niklas