Re: FTP Data Channels Through Reverse Proxy
Hi Kenneth, Of course there are FTP-capable (reverse) proxies out there. Maybe there are no free ones; that´s different... Regarding when to close the data channel, that should be easy: if the FTP server closes the data channel, the proxy server should close it as well... Is there a reason why you can´t do that? It´s been a while since I developed our small proxy but I´m quite sure it was enough for us. You mention you´ve been debugging the issue for 6 weeks but only recently (the last day?) realised that the data channel was not closed by the proxy. I think you need some way to get a better insight on what the proxy is doing. My recommendation is a tcpdump network trace from the Proxy server itself so you can capture the traffic between the FTP server and the proxy, as well as the traffic between the proxy and the client. If I have understood your problem correctly, you think the "unknown internal server error" only happens when there´s a proxy between client and server (although that should be transparent for the server). It´s of course a potential explanation, but in all honesty, I haven´t even seen any evidence that the FTPServer is the one closing the control channel. If the network traces say that it´s definitely the FTPServer deciding to close the connection and the SFTP server logs don´t show anything, I believe you´ll have to debug the FTPServer to see what´s going on. I´m sorry we cannot be more helpful. It was with a previous version of FTPServer, but we have used a proxy to forward FTPS traffic to Mina Ftpserver so I´m hoping you´ll finally get to the bottom of this. Best regards, David El jue., 22 ago. 2019 a las 21:15, Kenneth Taylor (< kenneth.tay...@dataexpress.com>) escribió: > David, > > When you say "a proxy that understands FTP", there is no such proxy. > Remember we are doing reverse proxy, not proxy. And the proxy we are using > is one we wrote. And we do have to tell it when to close the data > channel. There is nothing to magically do that. We have now changed our > server Ftplet.afterCommand() to look for the 226 reply and to call the > proxy to close the data chnnel. So that part is fixed. > > But the client still fails on MLSD response. It does not understand what > is coming from the proxy I guess, but its identical to what's coming from > the server. So the only thing that could be causing the problem is that > Apache is closing the command channel, which we see it doing, and it should > not be doing that. We set all the timeouts to large values so that’s not > it. > > I think we've stumbled upon a bug. We've been debugging this for 6 weeks > so we didn't come to this conclusion lightly. Could there be a hard coded > timeout that we just happen to be tripping because the proxy imparts a > small delay? I did see in the debugger a write timeout that users don't > have access to and it was set to 60. Our entire test session only lasts > about 3 seconds. > > Our proxy is very simple. Its just a client side socket and a server side > socket with stream copiers for the 4 streams. Nothing magical. It should > be completely transparent. The stream copiers are doing line-based IO to > match FTP with auto-flush on. We know the socket close logic is at the > heart of the problem. Apache is closing the command socket and I'll bet > there is some internal hidden error causing that. > > Thanks. > Ken > > -Original Message- > From: David Latorre > Sent: Thursday, August 22, 2019 12:51 PM > To: ftpserver-users@mina.apache.org > Subject: Re: FTP Data Channels Through Reverse Proxy > > From your first line I understand that the problem is with the proxy > that's not closing the data channel, isn't it? > > I guess that for a proxy that understands FTP ,you shouldn't do anything > to ensure the proxy closes the channel when the transfer is done. > > It's not clear from your message but I would think that if the connection > gets closed it will be due to some inactivity timeout being reached. Other > than the idle time, I cannot understand why the control channel would be > closed, I can guarantee it's never happened to us. > > Overriding PASV to provide a different IP address works fine and is > correctly supported. I don't know why you want to capture anything after > MLSD completes. If the data channel is closed the FTP proxy will close it's > own data channel to the client. If it doesn't, you need to see how to fix > the proxy. Why would you try to workaround it for just the MLSD command? > don't you ever need to download files? > I wouldn't try to find a workaround in any case to be honest. > > > Best regards, > David > > On Thu, 22 Aug 2019, 17:33 Kenneth Taylor, > > wrote: > > > It looks like the problem is in the closing o
Re: FTP Data Channels Through Reverse Proxy
>From your first line I understand that the problem is with the proxy that's not closing the data channel, isn't it? I guess that for a proxy that understands FTP ,you shouldn't do anything to ensure the proxy closes the channel when the transfer is done. It's not clear from your message but I would think that if the connection gets closed it will be due to some inactivity timeout being reached. Other than the idle time, I cannot understand why the control channel would be closed, I can guarantee it's never happened to us. Overriding PASV to provide a different IP address works fine and is correctly supported. I don't know why you want to capture anything after MLSD completes. If the data channel is closed the FTP proxy will close it's own data channel to the client. If it doesn't, you need to see how to fix the proxy. Why would you try to workaround it for just the MLSD command? don't you ever need to download files? I wouldn't try to find a workaround in any case to be honest. Best regards, David On Thu, 22 Aug 2019, 17:33 Kenneth Taylor, wrote: > It looks like the problem is in the closing of the data channel. Its > happening on the server but not on the proxy so the client hangs waiting > for that to happen, unless the command channel closes. Apache, for some > reason, closes the command channel after the "226 Closing data connection" > is sent. Why? I found this by preventing the command channel from closing > on the proxy, and that caused the client to hang after receiving the MLSD > response. So the previous behavior was misleading because Apache closing > the command channel was being seen by the client which was giving up the > session entirely but complaining about the MLSD failing. > > So is this a bug in Apache or just a missing piece? How would I catch the > 226 response so I could tell the proxy to close the DC? > > We can't use afterCommand() for PASV because that would cause Apache to > open its own DC. So it seems like we have to do an afterCommand() for > MLSD, but then we'd have to know this was for a DC and close that DC > instead of the Command Channel. Ugh! > > Thanks. > Ken > > -Original Message- > From: Kenneth Taylor > Sent: Thursday, August 22, 2019 9:01 AM > To: ftpserver-users@mina.apache.org > Subject: RE: FTP Data Channels Through Reverse Proxy > > Thanks for the response David. I have used 3 different clients > (FileZilla, WinSCP and custom) and they all respond the same. I can see > the MLSD response on the Proxy and that its sending it to the client. > That's why we are stumped. We cannot see any difference between Proxy and > No Proxy. But Apache is closing the Data Channel & Session after sending > the MLSD response, and it should not. Connecting direct, the Data Channel > does not get closed, but I suppose that could be because Apache is > detecting some kind of error that it is not reporting. I've turned the > logs all the way up and don't see anything that would help. > > A network trace might be a good idea. We will try a wireshark scan. > > One thing that just occurred to me is that Apache may be opening more than > one Data Channel and sending the MLSD response down the wrong pipe. Not > sure why it would do that since our PASV handler is a direct copy of the > Apache one (PASV), except with the change of IP and Port in the reponse. > Our Ftplet returns the ResultType of SKIP in the beforeCommand() for PASV > which should stop Apache from opening its own data channel, right? > > Has Apache ever tested this? I would think putting an FTP Server behind a > reverse proxy would be VERY common. Our customers demand it. > > I will have to look at the FTP RFCs again but I don't remember if any > messages are supposed to go through the data channel from the client to the > server. Could it be that Apache is expecting something on that stream, > even if its just an ACK or disconnect? > > Thanks. > Ken > > -Original Message- > From: David Latorre > Sent: Wednesday, August 21, 2019 6:09 PM > To: ftpserver-users@mina.apache.org > Subject: Re: FTP Data Channels Through Reverse Proxy > > Ah sorry, > I was rechecking something and made a mistake regarding the IP address in > the PASV response. In any case, unless you have proof (logs from the server > or network traces of the server <-> proxy bit) that the server returns > invalid data in the proxy case, I think you should focus on verifying why > the client is failing and, if it is caused by an invalid response, why the > proxy is generating it. > > > > > On Thu, 22 Aug 2019, 00:03 David Latorre, wrote: > > > Hi Kenneth, > > > > Shouldn't you receive the proxy address as a response to PASV when > > g
Re: FTP Data Channels Through Reverse Proxy
Ah sorry, I was rechecking something and made a mistake regarding the IP address in the PASV response. In any case, unless you have proof (logs from the server or network traces of the server <-> proxy bit) that the server returns invalid data in the proxy case, I think you should focus on verifying why the client is failing and, if it is caused by an invalid response, why the proxy is generating it. On Thu, 22 Aug 2019, 00:03 David Latorre, wrote: > Hi Kenneth, > > Shouldn't you receive the proxy address as a response to PASV when going > through the proxy? Otherwise it would bypass the proxy, but I'm assuming > you should not connect directly from the client to the server and that's > why you need a proxy. I'm a bit puzzled since you state that the proxy > receives the response to MLSD but the IP that the client sees for PASV is > the same in both cases. > > Your client log for the proxy case does not show any listing as a response > for MLSD, so it's difficult to know what's going on. If you cannot get any > logs for that, get some network traces with tcpdump and check what's going > on. Enabling more detailed logging in the client might also help (you can > configure that in the Filezilla settings). Server logs might also prove > useful. > > In any case I don't see how this would be caused by Ftpserver with the > information you've given. > > > > On Wed, 21 Aug 2019, 21:56 Kenneth Taylor, > wrote: > >> We are trying to get Apache FTP Server to work behind a reverse proxy. >> The only thing not working is the data channels. We use an Ftplet to >> intercept and handle the PASV command and substitute our proxy’s IP and >> port in the PASV response. That all seems to work fine. We are testing it >> with FileZilla client and our server works perfectly when connecting >> directly to the server but fails when going through the proxy. >> >> >> >> We can see the data connections being established on both the server and >> the proxy. Our proxy logs every forwarded message and we can see that all >> client and server messages are being forwarded both ways. >> >> >> >> The problem is that after the PASV command happens the next comand is >> MLSD and we can see the server sending the correct response and the proxy >> is forwarding the listing. But the client interprets the response >> incorrectly and closes the session. After looking at this for many many >> hours we’re stumped. >> >> >> >> Our Proxy is a very simple IO streams forwarder, with a control >> connection to tell the Proxy when to open data channels that forward back >> to the data channel opened by Apache on the Server. >> >> >> >> This is the client log when connecting direct: >> >> >> >> 14:10:44 Command: PASV >> >> 14:10:44 Response: 227 Entering Passive Mode (192,168,0,173,40,122) >> >> 14:10:44 Trace: Binding data connection source IP to control >> connection source IP 192.168.0.92 >> >> 14:10:44 Command: MLSD >> >> 14:10:44 Response: 150 File status okay; about to open data connection. >> >> 14:10:44 Response: 226 Closing data connection. >> >> 14:10:44 Listing: Size=0;Modify=20190814174646.670;Type=dir; Monthly >> >> 14:10:44 Listing: Size=0;Modify=20190814180307.721;Type=dir; Weekly >> >> 14:10:44 Listing: Size=0;Modify=20190814174833.915;Type=dir; Daily >> >> 14:10:44 Listing: Size=0;Modify=20190814175140.777;Type=dir; Archive >> >> 14:10:44 Status: Directory listing of "/" successful >> >> >> >> This is the client log when connecting through the proxy: >> >> >> >> 14:37:16 Command: PASV >> >> 14:37:16 Response: 227 Entering Passive Mode (192,168,0,91,202,228) >> >> 14:37:16 Trace: Binding data connection source IP to control >> connection source IP 192.168.0.173 >> >> 14:37:16 Command: MLSD >> >> 14:37:16 Response: 150 File status okay; about to open data connection. >> >> 14:37:16 Response: 226 Closing data connection. >> >> 14:37:16 Error: Disconnected from server: ECONNABORTED - Connection >> aborted >> >> 14:37:16 Error: Failed to retrieve directory listing >> >> >> >> One weird thing we see is that the “226 Closing data connection” shows up >> on the proxy after the MLSD listing is returned. When connecting direct it >> is before the listing in the client log, but in all cases these messages >> are coming from the same server so that may be a logging anomaly. >> >>
Re: FTP Data Channels Through Reverse Proxy
Hi Kenneth, Shouldn't you receive the proxy address as a response to PASV when going through the proxy? Otherwise it would bypass the proxy, but I'm assuming you should not connect directly from the client to the server and that's why you need a proxy. I'm a bit puzzled since you state that the proxy receives the response to MLSD but the IP that the client sees for PASV is the same in both cases. Your client log for the proxy case does not show any listing as a response for MLSD, so it's difficult to know what's going on. If you cannot get any logs for that, get some network traces with tcpdump and check what's going on. Enabling more detailed logging in the client might also help (you can configure that in the Filezilla settings). Server logs might also prove useful. In any case I don't see how this would be caused by Ftpserver with the information you've given. On Wed, 21 Aug 2019, 21:56 Kenneth Taylor, wrote: > We are trying to get Apache FTP Server to work behind a reverse proxy. The > only thing not working is the data channels. We use an Ftplet to intercept > and handle the PASV command and substitute our proxy’s IP and port in the > PASV response. That all seems to work fine. We are testing it with > FileZilla client and our server works perfectly when connecting directly to > the server but fails when going through the proxy. > > > > We can see the data connections being established on both the server and > the proxy. Our proxy logs every forwarded message and we can see that all > client and server messages are being forwarded both ways. > > > > The problem is that after the PASV command happens the next comand is MLSD > and we can see the server sending the correct response and the proxy is > forwarding the listing. But the client interprets the response incorrectly > and closes the session. After looking at this for many many hours we’re > stumped. > > > > Our Proxy is a very simple IO streams forwarder, with a control connection > to tell the Proxy when to open data channels that forward back to the data > channel opened by Apache on the Server. > > > > This is the client log when connecting direct: > > > > 14:10:44 Command: PASV > > 14:10:44 Response: 227 Entering Passive Mode (192,168,0,173,40,122) > > 14:10:44 Trace: Binding data connection source IP to control > connection source IP 192.168.0.92 > > 14:10:44 Command: MLSD > > 14:10:44 Response: 150 File status okay; about to open data connection. > > 14:10:44 Response: 226 Closing data connection. > > 14:10:44 Listing: Size=0;Modify=20190814174646.670;Type=dir; Monthly > > 14:10:44 Listing: Size=0;Modify=20190814180307.721;Type=dir; Weekly > > 14:10:44 Listing: Size=0;Modify=20190814174833.915;Type=dir; Daily > > 14:10:44 Listing: Size=0;Modify=20190814175140.777;Type=dir; Archive > > 14:10:44 Status: Directory listing of "/" successful > > > > This is the client log when connecting through the proxy: > > > > 14:37:16 Command: PASV > > 14:37:16 Response: 227 Entering Passive Mode (192,168,0,91,202,228) > > 14:37:16 Trace: Binding data connection source IP to control > connection source IP 192.168.0.173 > > 14:37:16 Command: MLSD > > 14:37:16 Response: 150 File status okay; about to open data connection. > > 14:37:16 Response: 226 Closing data connection. > > 14:37:16 Error: Disconnected from server: ECONNABORTED - Connection > aborted > > 14:37:16 Error: Failed to retrieve directory listing > > > > One weird thing we see is that the “226 Closing data connection” shows up > on the proxy after the MLSD listing is returned. When connecting direct it > is before the listing in the client log, but in all cases these messages > are coming from the same server so that may be a logging anomaly. > > > > Thanks for any help. > > Ken > > > > Disclaimer: This email from DMBGroup LLC, DMB Consulting Services LLC, or > the personnel associated with either entity (collectively "*DMB*") and > attachments, contain *CONFIDENTIAL, PRIVILEGED AND PROPRIETARY *information > for exclusive use of the addressee individual(s) or entity. Unauthorized > viewing, copying, disclosure, distribution or use of this e-mail or > attachments may be subject to legal restriction or sanction. If received in > error, notify sender immediately by return e-mail and delete original > message and attachments. Nothing contained in this e-mail or attachments > shall satisfy the requirements for a writing unless specifically stated. > Nothing contained herein shall constitute a contract or electronic > signature under the Electronic Signatures in Global and National Commerce > Act, any version of the Uniform Electronic Transactions Act or any other > statute governing electronic transactions. Opinions and statements > expressed in this e-mail and any attachments are those of the individual > sender and not necessarily of DMB. DMB does not guarantee this e-mail > transmission is secured, error or virus-free. Neither DMB nor
Re: how to disable plain ftp when server is configured with explicit ftp
from the top of my head, I think there's an isSecure() method you can use in a FTPLet... El mié., 6 feb. 2019 a las 11:30, Chandrashekhar H S () escribió: > Hi, > > Is it possible to disable plain-ftp connections when the apache ftp server > is configured to work with explicit-ssl? > > Thanks, > Chandrashekar >
Re: Embedded FTP Server / adding files
There is an implementation of filesystemview over commons vfs that could be a good solution for you. I think there used to be a link in the project's website. El 27 oct. 2017 10:02, "John Hartnup"escribió: > The simplest approach is probably the standard FileSystemViews configured > to use a temporary directory. > > Your tests can populate and check the contents of that directory directly. > > Slightly more sophisticated - you could create an in-memory filesystem. > Have a look at this as an example: > https://github.com/stefanbirkner/fake-sftp-server-rule/blob/master/src/ > main/java/com/github/stefanbirkner/fakesftpserver/ > rule/FakeSftpServerRule.java > > The example uses Apache SSHServer, but a very similar approach ought to > work in Mina SFTPd. > > If you do decide to implement your own virtual FileSystemView, you'll find > there's a lot of methods to implement, but they're all pretty easy to do. > Maybe give yourself a couple of hours research spike to create a > FileSystemView that presents one directory containing one file with a fixed > content; after which you'll know exactly what's going on. > > > > On Tue, Oct 17, 2017 at 4:00 PM Oliver Zemann > wrote: > > > Hi, > > > > i would like to integrate Apache Mina FTP Server into my project for > > integration tests. I need to add some files to it, which should be > > downloaded and then processed. The files i want to use in the > > integration tests are located in the resources. Is it correct that i > > have to implement FileSystemView and set that on the > > ServerFactory.setFileSystem ? > > > > I used another library which was able to do something like that: > > ftpServer.addFile(inputStreamFromResourcesFile, > > "/path/where/to/put/the/file") > > > > Something like a virtual file system. Does apache mina ftp have > > something like that? Unfortunately, the documentation is very limited > > when it comes to embedding the ftp server and file handling and it feels > > a bit overkill to implement FileSystemView. > > > > Thanks! > > > > Oli > > > > >
Re: Trying to use ftpserver 1.0.6 standalone on Windows, unable to configure users
Hello alain, I have never used the utility myself, but I guess you should double check that the jar files you are including in the 'cp' argument do exist. El 09/09/2015 05:27, "Lanteigne, Alan"escribió: > Hello, > > I've been trying to set up ftpd 1.0.6 on a windows machine and use the > users.properties and ftpd-typical.xml configuration as a starting point. I > am able to launch ftpd.exe and use the XML file as the configuration file, > but cannot authenticate and cannot add users. The documentation is pretty > sparse and the page attempting to detail how to add a user from the command > line provides commands that do not work. The command provided is: > > https://mina.apache.org/ftpserver-project/managing_users.html > > java -cp > ftpserver-core-1.0.0-M4.jar;ftplet-api-1.0.0-M4.jar;mina-core-2.0.0-M3.jar; > [slf4j-api-1.5.2.jar;slf4j-simple-1.5.2.jar > [ org.apache.ftpserver.main.AddUser path/to/your/config.xml > > I have attempted to run this command (but changed the version number to > 1.0.6 as directed) but it fails. slf4j-simple-1.5.2.jar does not exist. > I've tried with and without the apparent type of in the middle of the > command as well. What is the proper way to add/configure/delete users via > command line? Is there a more complete documentation set available? I am > not a Java dev, just looking for a CLI controllable SFTP server to > configure and use. > > Thanks! > > Alan > >
Re: Problem with FTPServer / MINA on Tomcat
Try removing the Mina-core dependency. It doesn't specify the version number and it is probably being included as a transitive dependency of Mina ftpserver anyway. In case mina-core didn't get included, specify the correct version (2.0.4 I think) for the library El 08/07/2015 12:33, David Weisgerber david.weisger...@ms-gmbh.de escribió: Hi there, for some days I am struggling to get the FTPServer running on my Tomcat instance. I have my implementatio for the FTPServer, as I need it, running in a jUnit-test environment but as soon as I deploy it to tomcat I get the following Error (not Exception(!)) as soon as a client connects to the FTPServer: Exception in thread pool-1-thread-1 java.lang.IncompatibleClassChangeError at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:277) at org.apache.mina.core.filterchain.DefaultIoFilterChain.addLast(DefaultIoFilterChain.java:174) at org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder.buildFilterChain(DefaultIoFilterChainBuilder.java:452) at org.apache.mina.core.polling.AbstractPollingIoProcessor.addNow(AbstractPollingIoProcessor.java:530) at org.apache.mina.core.polling.AbstractPollingIoProcessor.handleNewSessions(AbstractPollingIoProcessor.java:503) at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractPollingIoProcessor.java:68) at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1133) at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) I am totally unsure which component is in conflict and causes this error. I think that SLF4J and Mina-core should be in the correct version. Can this error come because of some weird problem with AOP components coming with Spring? This is how I add the dependencies to Spring: dependency groupIdorg.apache.ftpserver/groupId artifactIdftpserver-core/artifactId version1.0.6/version exclusions exclusion groupIdorg.springframework/groupId artifactIdspring-context/artifactId /exclusion /exclusions /dependency dependency groupIdorg.apache.mina/groupId artifactIdmina-core/artifactId /dependency Thanks for help, Mit freundlichen Grüßen, David Weisgerber --- David Weisgerber Software Entwickler MS GmbH Leibnizstraße 7 85521 Ottobrunn
Re: accessing ftp server from remote client
I believe your client might be using active mode instead of passive mode. Is that possible? In that case, you also need to allow connections from your ftp server to the Ftp client. El 11/06/2015 05:43, Derya Altuntas deryaaltun...@gmail.com escribió: I am using apache ftp server 1.05 as server, commons-net jar as accessing server from a remote client. I have defined inbound/outbound rules for port 2121, 21 on my server site which FTP server is installed. Then I run my program but it throws above exception in ftp side. [ WARN] 2015-06-03 17:21:00,901 [siguard] [141.29.18.175] FtpDataConnection.getDataSocket() java.net.ConnectException: Connection refused: connect at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366) at java.net.Socket.connect(Socket.java:529) at java.net.Socket.connect(Socket.java:478) at org.apache.ftpserver.impl.IODataConnectionFactory.createDataSocket(IODataConnectionFactory.java:314) at org.apache.ftpserver.impl.IODataConnectionFactory.openConnection(IODataConnectionFactory.java:259) at org.apache.ftpserver.command.impl.LIST.execute(LIST.java:114) at org.apache.ftpserver.impl.DefaultFtpHandler.messageReceived(DefaultFtpHandler.java:210) at org.apache.ftpserver.listener.nio.FtpHandlerAdapter.messageReceived(FtpHandlerAdapter.java:61) at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793) at org.apache.ftpserver.listener.nio.FtpLoggingFilter.messageReceived(FtpLoggingFilter.java:85) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793) at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:71) at org.apache.mina.filter.logging.MdcInjectionFilter.filter(MdcInjectionFilter.java:136) at org.apache.mina.filter.util.CommonEventFilter.messageReceived(CommonEventFilter.java:70) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793) at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375) at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793) at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:71) at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63) at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.runTask(OrderedThreadPoolExecutor.java:780) at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.runTasks(OrderedThreadPoolExecutor.java:772) at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.run(OrderedThreadPoolExecutor.java:714) at java.lang.Thread.run(Thread.java:662) [ INFO] 2015-06-03 17:21:00,901 [siguard] [141.29.18.175] SENT: 150 File status okay; about to open data connection. [ INFO] 2015-06-03 17:21:00,901 [siguard] [141.29.18.175] SENT: 425 Can't open data connection. Then I changed ftpd-typical. xml. I have added passive ports definition there. Then I also defined inbound/outbound rules for these ports on firewall. Then I can list files. But I can not upload/download files. I think Server is also using other ports except ones defined in xml. I am sending logs
Re: Connection refused error when internal IP address is set on listener
Oh I thought your problem was with the data connection. If the only difference is the internal IP, it might be the that internal ip you set is incorrect( or, at least, it is not the ip to which you are trying to connect with Filezilla). Besides enabling logging in the server side you can use standard OS commands to check if your server is listening (netstat -an, telnet from local host etc.) El 09/06/2015 16:03, Martin Wunderlich m...@censhare.de escribió: This is the log output I get when I set the log level to Debug: (the contents are identical in the console and the log file) 16:01:50 Status:Disconnected from server 16:01:50 Trace: CControlSocket::DoClose(64) 16:01:50 Trace: CControlSocket::DoClose(64) 16:01:50 Trace: CControlSocket::DoClose(64) 16:01:50 Trace: CFileZillaEnginePrivate::ResetOperation(0) 16:01:50 Status:Resolving address of example.com 16:01:50 Status:Connecting to 123.123.123.123:4243... 16:01:50 Status:Connection attempt failed with ECONNREFUSED - Connection refused by server. 16:01:50 Trace: CRealControlSocket::OnClose(61) 16:01:50 Trace: CControlSocket::DoClose(64) 16:01:50 Trace: CFtpControlSocket::ResetOperation(66) 16:01:50 Trace: CControlSocket::ResetOperation(66) 16:01:50 Error: Could not connect to server 16:01:50 Trace: CFileZillaEnginePrivate::ResetOperation(66) Cheers, Martin Am 09.06.2015 um 15:47 schrieb David Latorre dvl...@gmail.com: Probably the full Filezilla log file will be enough El 09/06/2015 15:46, Martin Wunderlich m...@censhare.de escribió: Hi David, There isn’t much in the log files, I am afraid. This is what I get with Filezilla on the client side: 15:44:30 Status:Resolving address of exmample.com 15:44:30 Status:Connecting to 123.123.123.123:4243... 15:44:30 Status:Connection attempt failed with ECONNREFUSED - Connection refused by server. 15:44:30 Error: Could not connect to server There is nothing logged on the server side. Sorry, not much help, I know. Cheers, Martin Am 09.06.2015 um 15:36 schrieb David Latorre dvl...@gmail.com: Martin, Can you include the log file (with the messages which have been received and sent) of the Ftp server? Also, the log file of the ftp client would be helpful El 09/06/2015 15:25, Martin Wunderlich m...@censhare.de escribió: No, in the client I set the external IP address, because the server is accessed from outside the firewall. This external IP address is also configured on the server-side, of course. Cheers, Martin Am 09.06.2015 um 15:18 schrieb Alessio Santacroce alessio.santacr...@gmail.com: Stupid question... when you set the ip to the ftp server, do you use the same ip on the ftp client as well? On Tuesday, June 9, 2015, Martin Wunderlich m...@censhare.de wrote: Hi all, We observed some strange behavior that I can’t quite explain: Our FTP server is running in passive mode and offering a listener for FTP over TLS. When the internal IP address is set in the configuration, I am not able to connect with the FTP client (tested with both Filezilla and Cyberbuck). The error „Connection refused“ is raised when trying to connect. However, when the internal IP address is set to „0.0.0.0“, the connection is fine. I have stepped through the code and the listener seems to be instantiated alright. So, what could be the problem? Cheers, Martin censhare featured as Cool Vendor for Content Management by Gartner censhare featured as Cool Vendor for Content Management by Gartner censhare featured as Cool Vendor for Content Management by Gartner censhare featured as Cool Vendor for Content Management by Gartner
Re: Connection refused error when internal IP address is set on listener
Probably the full Filezilla log file will be enough El 09/06/2015 15:46, Martin Wunderlich m...@censhare.de escribió: Hi David, There isn’t much in the log files, I am afraid. This is what I get with Filezilla on the client side: 15:44:30 Status:Resolving address of exmample.com 15:44:30 Status:Connecting to 123.123.123.123:4243... 15:44:30 Status:Connection attempt failed with ECONNREFUSED - Connection refused by server. 15:44:30 Error: Could not connect to server There is nothing logged on the server side. Sorry, not much help, I know. Cheers, Martin Am 09.06.2015 um 15:36 schrieb David Latorre dvl...@gmail.com: Martin, Can you include the log file (with the messages which have been received and sent) of the Ftp server? Also, the log file of the ftp client would be helpful El 09/06/2015 15:25, Martin Wunderlich m...@censhare.de escribió: No, in the client I set the external IP address, because the server is accessed from outside the firewall. This external IP address is also configured on the server-side, of course. Cheers, Martin Am 09.06.2015 um 15:18 schrieb Alessio Santacroce alessio.santacr...@gmail.com: Stupid question... when you set the ip to the ftp server, do you use the same ip on the ftp client as well? On Tuesday, June 9, 2015, Martin Wunderlich m...@censhare.de wrote: Hi all, We observed some strange behavior that I can’t quite explain: Our FTP server is running in passive mode and offering a listener for FTP over TLS. When the internal IP address is set in the configuration, I am not able to connect with the FTP client (tested with both Filezilla and Cyberbuck). The error „Connection refused“ is raised when trying to connect. However, when the internal IP address is set to „0.0.0.0“, the connection is fine. I have stepped through the code and the listener seems to be instantiated alright. So, what could be the problem? Cheers, Martin censhare featured as Cool Vendor for Content Management by Gartner censhare featured as Cool Vendor for Content Management by Gartner censhare featured as Cool Vendor for Content Management by Gartner
Re: Connection refused error when internal IP address is set on listener
Martin, Can you include the log file (with the messages which have been received and sent) of the Ftp server? Also, the log file of the ftp client would be helpful El 09/06/2015 15:25, Martin Wunderlich m...@censhare.de escribió: No, in the client I set the external IP address, because the server is accessed from outside the firewall. This external IP address is also configured on the server-side, of course. Cheers, Martin Am 09.06.2015 um 15:18 schrieb Alessio Santacroce alessio.santacr...@gmail.com: Stupid question... when you set the ip to the ftp server, do you use the same ip on the ftp client as well? On Tuesday, June 9, 2015, Martin Wunderlich m...@censhare.de wrote: Hi all, We observed some strange behavior that I can’t quite explain: Our FTP server is running in passive mode and offering a listener for FTP over TLS. When the internal IP address is set in the configuration, I am not able to connect with the FTP client (tested with both Filezilla and Cyberbuck). The error „Connection refused“ is raised when trying to connect. However, when the internal IP address is set to „0.0.0.0“, the connection is fine. I have stepped through the code and the listener seems to be instantiated alright. So, what could be the problem? Cheers, Martin censhare featured as Cool Vendor for Content Management by Gartner censhare featured as Cool Vendor for Content Management by Gartner
Re: disable sslv3
As Erick says, you need to invoke SSLFilter.setEnabledProtocols() . If you are willing to provide a patch in order to expose the EnabledProtocols method in the Listener configuration, we will be happy to integrate it into the FTPServer code . Kindest regards, 2015-01-21 12:13 GMT+01:00 Erick Lichtas elich...@linoma.com: Hello, I'm not sure how much work has been done with this on the project with this lately, but what needs to be added is an option that allows the 'enabled ssl protocols' to be set on the mina SSLFilter in a few spots. Basically, every place in the code that calls sslFilter.setEnabledCipherSuites(..) should also/instead call sslFilter.setEnabledProtocols(..). If such is done, you can granularly control which SSL/TLS protocols are enabled on the server. And this works well for the Oracle and IBM jvms. Regards, Erick -Original Message- From: juergen sorg [mailto:j.s...@fz-juelich.de] Sent: Wednesday, January 21, 2015 12:58 AM To: ftpserver-users@mina.apache.org Subject: disable sslv3 hi, is it possible to disable some SSL and TLS versions in apache mina ftp server? i read the documentation, but there is only the option to choose between SSL or TLS. and if i specifiy TLS in the configuration (spring confign file) then the same protocols are enabled as i use SSL (i could connect by using openssl client with SSLv3, TLSv1 TLSv1.1 TLSv1.2 thanks in advance gruss juergen
Re: How to suppress logging of SSLHandshakeException
Uh, when I said 'servlet' I meant ftplet.
Re: How to suppress logging of SSLHandshakeException
Hello Martin, If I understand you correctly, there are cases in which the session is closed due to a javax.net.ssl.SSLHandshakeException , but you do not want to show any of this in the logfile? Thus, you do not want the 2014.12.04-15:51:20.429 INFO : pool-3-thread-5: FtpLoggingFilter: CLOSED line either. Is that correct? If you only want to ignore the stacktrace, you might change the FtpLoggingFilter and recompile Mina FTP Server or maybe you can modify the FilterChain in a servlet when you get the AUTH TLS request and substitute FtpLoggingFilter for your own implementation. I do not know if there is a way to solve this using NDC or MDC... Kindest regards, David Latorre 2014-12-15 9:15 GMT+01:00 Martin Wunderlich m...@censhare.de: Hi all, we recently noticed that the Apache MINA FTPServer will log an javax.net.ssl.SSLHandshakeException when the server does not have a valid certificate. The complete stracktrace from the log files is listed below. Since it is logged on the MINA-side, it doesn’t even reach my section of the Java code. Is there a way to suppress the logging of this particular Exception while retaining the loggings of other WARNINGs? Cheers, Martin 2014.12.04-15:51:20.318 INFO : NioProcessor-9: FtpLoggingFilter: CREATED 2014.12.04-15:51:20.320 INFO : pool-3-thread-5: FtpLoggingFilter: OPENED 2014.12.04-15:51:20.321 INFO : pool-3-thread-6: FtpLoggingFilter: SENT: 220 Service ready for new user. 2014.12.04-15:51:20.333 INFO : pool-3-thread-5: FtpLoggingFilter: RECEIVED: AUTH TLS 2014.12.04-15:51:20.425 WARNING: pool-3-thread-6: FtpLoggingFilter: EXCEPTION : javax.net.ssl.SSLHandshakeException: SSL handshake failed. at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:507) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542) at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48) at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:943) at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:109) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542) at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:535) at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:714) at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668) at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657) at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:67) at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1121) at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) Caused by: javax.net.ssl.SSLHandshakeException: Invalid Padding length: 140 at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1683) at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:959) at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884) at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758) at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) at org.apache.mina.filter.ssl.SslHandler.unwrap(SslHandler.java:748) at org.apache.mina.filter.ssl.SslHandler.unwrapHandshake(SslHandler.java:683) at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:569) at org.apache.mina.filter.ssl.SslHandler.messageReceived(SslHandler.java:355) at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:488) ... 15 more Caused by: javax.crypto.BadPaddingException: Invalid Padding length: 140 at sun.security.ssl.CipherBox.removePadding(CipherBox.java:684) at sun.security.ssl.CipherBox.decrypt(CipherBox.java:423) at sun.security.ssl.InputRecord.decrypt(InputRecord.java:154) at sun.security.ssl.EngineInputRecord.decrypt(EngineInputRecord.java:192) at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:953) ... 23 more 2014.12.04-15:51:20.427 SEVERE : pool-3-thread-6: DefaultFtpHandler: Exception caught, closing session javax.net.ssl.SSLHandshakeException: SSL handshake
Re: Error while connection to FTP server running implicit SSL
Martin, Could you attach Filezilla and Mina FTPServer log files as well as FTPServer configuration xml and Filezilla's config (either screenshot or XML file without the passwords)? 2014-06-30 10:57 GMT+02:00 Martin Wunderlich m...@censhare.de: Hi all, I am expanding our MINA-based FTP server by adding a setting for implicit vs. explicit SSL. I have made all the necessary changes, but for some reason I can’t connect to the server anymore when implicit SSL is set to true. In explicit SSL mode it works fine. When trying to connect, I get the error message: Connection established, waiting for welcome message... And then the FileZilla client just hangs until it has timed out… Any ideas anyone? Thanks a lot. Cheers, Martin
Re: Doubt on partial files
Hello Edson, Even though you might achieve that by using a FTPlet, I think a better solution is that the Ftp client itself renames the file after a successful upload. El 22/03/2014 19:06, Edson Richter edsonrich...@hotmail.com escribió: Hi! I'm new on FTP Server project, and after reading documentation I could not find if there is a option to deal with partial uploads. What I would like to do is that received files keep extension .tmp or .partial until finished. For example: client send file meuarquivodedados.dat ftp server start received file with name meuarquivodedados.dat.tmp or meuarquivodedados.dat.partial client finish sending file normally ftp server renames file from meuarquivodedados.dat.tmp to meuarquivodedados.dat Is there a option for that? Other option I'm evaluating is to use a database server as repository, and then set a flag as complete when finished. Any guidance on that? Please, consider me a complete novice in this topic (some FTP, SFTP and Linux knowledge, but little - to none - Apache FTP Server knowledge so far), ok? Thanks, -- *Edson Carlos Ericksson Richter* /Sistemas para Bibliotecas, Escolinhas Infantis Projetos sob medida para sua empresa/ Celular:(51) 9318-9766 (51) 8585-0796 /A mente que se abre a uma nova ideia jamais voltará ao seu tamanho original/ - Albert Einstein
Re: user authntication
If you mean SSL client-cert-authentication, there are some emails regarding this topic in the mailing list: http://mail-archives.apache.org/mod_mbox/mina-ftpserver-users/201104.mbox/%3CBANLkTikGiHjLLZufBn=cgqydjjkzrlw...@mail.gmail.com%3E 2013/8/21 pri...@meyersascha.de Hello, i have a quick question regarding the user authentication at the ftp server. Currently, each user can login with an ftp client, the appropriate user name and password for the ftp server and transfer data or files. Is it possible to authenticate these users switch to a key exchange or something like that? I have a user who apparently can not login with the username and password and therefore he wants to authenticate with a key exchange. Is such a thing possible? Greetings Sascha Meyer
Re: No users can connect, no error.
I would make sure that the ftplet is the actual reason(ie, add the ftplet again and check). You have two options: 1) fix your ftplet if that's enough for you 2) (recommended) use the logging output for your status window. For this, you can parse the log files or use an adequate logging appender / channel El 22/05/2013 17:11, Travis Bowen tbo...@us.ibm.com escribió: Removing the ftplet worked. I was using it because I would like to capture the output of the server to display in a status window and could not figure out another way. Is there a better way to do that? Thanks, *TRAVIS BOWEN * Staff Software Engineer IBM Systems Technology Group, Client Enablement Systems Assurance -- *Phone: *520-799-4612 | *Mobile: *520-975-1526 * E-mail:* *tbo...@us.ibm.com** * tbo...@us.ibm.com [image: IBM] 9000 S Rita Rd Tucson, AZ 85744-0002 United States [image: Inactive hide details for David Latorre ---05/22/2013 07:55:10 AM---If you cannot debug the code, remove your FTPLet , set the]David Latorre ---05/22/2013 07:55:10 AM---If you cannot debug the code, remove your FTPLet , set the debug level to DEBUG and try and connec From: David Latorre dvl...@gmail.com To: ftpserver-users@mina.apache.org, Date: 05/22/2013 07:55 AM Subject: Re: No users can connect, no error. -- If you cannot debug the code, remove your FTPLet , set the debug level to DEBUG and try and connect from a remote client while monitoring the connection with wireshark. 2013/5/22 John Hartnup john.hart...@gmail.com: It looks as if the socket is being closed, and not by the server. Therefore, either the client or a firewall. To be absolutely sure of this, use something like Wireshark to trace the TCP packets -- find out which end closes the socket, and whether it's a FIN or a RST. Or you could attach a debugger to the server's Java process and step through the login process. I don't think it is a firewall issue as I would expect the client to not even be able to connect to the server. It seems to connect then the server closes the connection immediately. Some firewalls do stateful protocol analysis of FTP. That is, they look at the content and make decisions based on it, for example they allow sockets to open on ports that they've seen in PORT and PASV commands. Some of these firewalls can be configured to decline anonymous FTP, and that would be consistent with your original report: firewall allows socket connection; firewall sees USER command with parameter anonymous, and closes the socket as a result. However, if you get the same result with admin/admin, that's less likely to be the reason. On 21 May 2013 21:17, Travis Bowen tbo...@us.ibm.com wrote: I am trying to connect from the same computer using the filezilla client. I have tried the default users.properties from the 1.0.6 distribution with both ClearTextPasswordEncryptor and SaltedPasswordEncryptor and both anonymous and admin/admin show the same results. I don't think it is a firewall issue as I would expect the client to not even be able to connect to the server. It seems to connect then the server closes the connection immediately. Thanks, *TRAVIS BOWEN * Staff Software Engineer IBM Systems Technology Group, Client Enablement Systems Assurance [image: Inactive hide details for John Hartnup ---05/21/2013 01:02:22 PM---This like the work of a firewall rejecting anonymous Ftp. Yo]John Hartnup ---05/21/2013 01:02:22 PM---This like the work of a firewall rejecting anonymous Ftp. You could verify this by trying to log in From: John Hartnup john.hart...@gmail.com To: ftpserver-users@mina.apache.org, Date: 05/21/2013 01:02 PM Subject: Re: No users can connect, no error. -- This like the work of a firewall rejecting anonymous Ftp. You could verify this by trying to log in from a client on the same system as the server, or by changing the configuration to use a username other than anonymous. On 21 May 2013 20:28, Travis Bowen tbo...@us.ibm.com wrote: First I'd like to thank you for providing this software. However, the documentation is somewhat lacking. I've spent several hours just trying to get the embedded version to accept user logins. Here is the code I am using (drawn from the quickstart docs and other sources): FtpServerFactory serverFactory = *new* FtpServerFactory(); ListenerFactory listenerFactory = *new* ListenerFactory(); // set the port of the listener listenerFactory.setPort(*props*.getFtpPortProperty()); Listener listener = listenerFactory.createListener(); // replace the default listener serverFactory.addListener(default, listener); MapString, Ftplet ftpletMap = *new* HashMapString, Ftplet
Re: Upload hangs using FTPS
Hola Rubén, Are you sure your description of the problem is correct? [ INFO] 2013-01-25 12:05:07,599 [xxx] [127.0.0.1] RECEIVED: STOR xx [ WARN] 2013-01-25 12:05:28,477 [xxx] [127.0.0.1] Exception during data transfer, closing data connection socket According to you, this error occurs when you cancel the upload . But you can see that the warn message is written 11 seconds after the STOR command is received. There's a slight chance that the error is caused by a bug in the way FileZilla closes the SSL connection - I've noticed this before in some other FTP clients like WinSCP. Java is very picky in this topic and a malformed shutdown message will cause an Exception. 2013/1/28 Rubén Páez ruben.p...@itac.com.co Hi! I have configured an standalone ftp server (Apache FTPServer) using this config file: START -- -- -- -- -- -- -- ?xml version=1.0 encoding=UTF-8? server xmlns=http://mina.apache.org/ftpserver/spring/v1; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation= http://mina.apache.org/ftpserver/spring/v1 http://mina.apache.org/ftpserver/ftpserver-1.0.xsd id=myServer listeners nio-listener name=default port=2122 ssl keystore file=./res/ftpserver.jks password=password / /ssl /nio-listener nio-listener name=sdefault port=21991 implicit-ssl=true ssl keystore file=./res/ftpserver.jks password=password / /ssl /nio-listener /listeners file-user-manager file=./res/conf/users.properties / /server END -- -- -- -- -- -- -- I use FileZilla Client to log in (either using FTPES or FTPS, I've tried both, I accept the certificate FileZilla displays to me) and try to upload a file. Everything seems ok, but the upload always stalls (around 300 kB). The log of FileZilla Client is: START -- -- -- -- -- -- -- Status: Resolving address of localhost Status: Connecting to 127.0.0.1:2122... Status: Connection established, waiting for welcome message... Response: 220 Service ready for new user. Command: AUTH TLS Response: 234 Command AUTH okay; starting TLS connection. Status: Initializing TLS... Status: Verifying certificate... Command: USER xxx Status: TLS/SSL connection established. Response: 331 User name okay, need password for xxx Command: PASS * Response: 230 User logged in, proceed. Command: OPTS UTF8 ON Response: 200 Command OPTS okay. Command: PBSZ 0 Response: 200 Command PBSZ okay. Command: PROT P Response: 200 Command PROT okay. Command: OPTS MLST size;modify;type; Response: 200 Command OPTS okay. Status: Connected Status: Starting upload of xxx Command: CWD / Response: 250 Directory changed to / Command: PWD Response: 257 / is current directory. Command: TYPE I Response: 200 Command TYPE okay. Command: PASV Response: 227 Entering Passive Mode (127,0,0,1,199,113) Command: STOR xxx Response: 150 File status okay; about to open data connection. Error: Connection timed out Error: File transfer failed after transferring 278.6 KB in 21 seconds Response: 551 xx: Error on output file. Status: Disconnected from server Error: Connection closed by server END -- -- -- -- -- -- -- and the Apache FTP Sever log is: START -- -- -- -- -- -- -- [ INFO] 2013-01-25 12:04:31,940 [] [] Refreshing org.springframework.context.support.FileSystemXmlApplicationContext@ed0338: display name [org.springframework.context.support.FileSystemXmlApplicationContext@ed0338]; startup date [Fri Jan 25 12:04:31 COT 2013]; root of context hierarchy [ INFO] 2013-01-25 12:04:32,030 [] [] Loading XML bean definitions from file [/apache-ftpserver-1.0.6/res/conf/ftpd-typical.xml] [ INFO] 2013-01-25 12:04:32,370 [] [] Bean factory for application context [org.springframework.context.support.FileSystemXmlApplicationContext@ed0338]: org.springframework.beans.factory.support.DefaultListableBeanFactory@19bb25a [ INFO] 2013-01-25 12:04:32,402 [] [] Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@19bb25a: defining beans [org.apache.ftpserver.listener.ListenerFactory#0,org.apache.ftpserver.listener.ListenerFactory#1,org.apache.ftpserver.usermanager.PropertiesUserManagerFactory#0,org.apache.ftpserver.FtpServerFactory#0,myServer]; root of factory hierarchy [ INFO] 2013-01-25 12:04:32,744 [] [] FTP server started [ INFO] 2013-01-25 12:05:06,927 [] [127.0.0.1] CREATED [ INFO] 2013-01-25 12:05:06,929 [] [127.0.0.1] OPENED [ INFO] 2013-01-25 12:05:06,930 [] [127.0.0.1] SENT: 220 Service ready for new user. [ INFO] 2013-01-25 12:05:07,051 [] [127.0.0.1] RECEIVED: AUTH TLS [ INFO] 2013-01-25
Re: FTP server dies every few hours
Hello Jerry, We have several instances of FTPServer in Linux and Win Server 2003 and never suffered such a problem (they have been running for months now). Can you provide us with the following information? 1) Apache FTPServer, Apache MINA and JRE/JDK versions. 2) Are you using any custom code (e.g., Ftplets, commands, filesystem ) ? I cannot recall any similiar issue so my initial thought was that your problem is due to 2) - but I haven't been able to follow the mailing list lately so I might be utterly wrong. 2012/12/7 Jerry M techst...@malcolms.com I've been using the FTPServer (on Win Server 2008) since around June of this year. I don't need ftp around the clock. So this problem hasn't been critical. But it has become very annoying. I have it configured to run as a Windows service. I'll start the FTP service. Do ftp tasks on and off for a few hours. When I come back hours later or the next day and try to FTP, I get a server closed connection unexpectedly or something like that when I try to send or receive. I then have to log on to the server and bounce the ftp service. Everything is good to go again, for a few hours. Then it's dead again the next time I need it. Again, this is as consistent as clockwork. I've never had it stay up 24 hours. I looked at the FTP logs and see nothing irregular logged. First question... does this sound familiar to anyone? Second question... if no one has heard of this behavior until now, what kind of debug can I do to try to figure out what is happening? (I've got an extensive coding and debug background. So I can go under the hood if necessary). I like the server. I would just like for it to stay alive more than a few hours. BTW... not seeing anything like this on any of my other servers (apache, tomcat, james) that are running in the same box. Thanks. Jerry
Re: ipv6, subdomain and DNS
Why don't you just use a single User Manager which returns a different FileSystem 'Root folder' depending on the group the user belongs to? 2012/8/28 Niklas Gustavsson nik...@protocol7.com On Tue, Aug 28, 2012 at 7:43 PM, Mauro Asprea mauroasp...@gmail.com wrote: There is a maximum number of Listeners (eg: ports) that I can have available? No hard limit, except for the number of available ports (and memory/CPU resources). /niklas
Re: Setup UIDs at apache FTP
Hello, Unfortunately, this is not available out of the box. You can, however, use your own custom FileSystem implementation or even a FTPlet for this. Unless you' re using Java 7, you'll probably have to run chmod in a system call 2012/3/17 Алексей lexleogry...@mail.by Hello how i can setup different UIDS for different accounts in user.properties? Is it impossible? Im running ftp as daemon from root, and have various account in user.properties, each belongs to linux user, each have personal folder. every time after uploading files, i need to make chmod and chown for each folder, cuz by default file owner is set to root in ftp server. I also dont want run many ftp instances with various UIDs for each user with start-stop-daemon, cuz it makes non sense. --**-- Живи ярко - http://afisha.open.by/
Re: Issue while running FTP daemon in Linux environment
Hello, I didn't take a look at your code, but it seems that your problem is related to data connections. Please, deactivate your firewall and try both active or passive mode. 2012/2/28 gaurav chopra gaurav.chopr...@gmail.com Hi All, I have created a daemon for ftp purpose. The daemon is working fine in windows environment., but giving the following error in linux environment: Timeout detected. Could not retrieve directory listing File status okay; about to open data connection. Error listing directory '/'. I created a user 'test' and when trying to login getting this error with error code 421. (The user dir named 'test' is getting created in the linux environment and the dir is owned by root) Please find attached java code written to set config and start server. Appreciate your support! -- Regards, Gaurav Chopra
Re: Accessing Files from other users home folder?
Hello, You can use symbolic links as gary bell suggested. Another option is that you replace our default FileSystem implementation with the one provided by the VFS Utils Project, VFS FTPServer Bridge http://vfs-utils.sourceforge.net/ftpserver/index.html If I'm not wrong, in one of its operation modes, you are not restricted to the user's home directory. You can always develop your own 'Filesystem' implementation :-) 2011/12/15 Nilesh Apte nilesh.apt...@gmail.com Hi: Can a ftp user access a file from other ftp users' home directory (or sub directory)? For example, 1. UserA has his home directory as /home/UserA 2. UserB has his home directory as /home/UserB 3. UserA has a file at following folder location, */home/UserA/documents/test.**txt* 4. When UserB connect to apache ftp server, he will see / (which maps to /home/UserB) as his root directory. 5. Can UserB issue *GET /home/UserA/documents/test.**txt* to retrieve the file? I tried running ftp server stand alone in 5 minutes link, and this seems to be not supported out of the box. I get 550 ... : No such file or directory error. What is the recommended/best way to share files between various ftp users? Thanks, Nilesh.
Re: FOUND THE REAL ISSUE - RE: Control connection closing on idle timeout even when data transfer is going on
Hello Sachin, It seems this is a bug we should fix. Can you open a JIRA issue and provide a test case with it? 2011/12/10 Sachin Shetty sshe...@egnyte.com I found the real issue here. I was misguided by Filezilla's dual connection behavior where it always spawns a new connection for a data transfer and leaved the original listing connection open. It's the listing connection that times out, but the transfer connection is active and my assumption of the root cause was wrong. My real problem is the issue reported in various other cases like: http://mail-archives.apache.org/mod_mbox/mina-dev/201102.mbox/%3C987378340.1 0467.1297432017841.javamail.tom...@hel.zones.apache.org%3E http://old.nabble.com/-jira--Created:-%28FTPSERVER-295%29-Connection-reset-b y-peer,-help-td23269194.html I can reproduce this in filezilla, by setting a slow upload speed 1kbps, causing the upload to go on for more than an hour. Filezilla transfers the whole file and then fails with Error: Connection timed out Error: File transfer failed after transferring 2,392,064 bytes in 2551 seconds FTP Logs: INFO 2011-12-10 15:48:54,134 pool-3-thread-54 D- U- S- org.apache.ftpserver.command.impl.STOR - File uploaded /Private/sshetty/9.doc INFO 2011-12-10 15:48:54,138 pool-3-thread-54 D- U- S- org.apache.ftpserver.listener.nio.FtpLoggingFilter - SENT: 150 File status okay; about to open data connection.^M INFO 2011-12-10 15:48:54,138 pool-3-thread-54 D- U- S- org.apache.ftpserver.listener.nio.FtpLoggingFilter - SENT: 226 Transfer complete.^M WARN 2011-12-10 15:48:54,138 pool-3-thread-54 D- U- S- org.apache.ftpserver.listener.nio.FtpLoggingFilter - EXCEPTION : java.io.IOException: Connection reset by peer at sun.nio.ch.FileDispatcher.read0(Native Method) at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:21) at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:233) at sun.nio.ch.IOUtil.read(IOUtil.java:206) at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:236) at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:214 ) at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:42) at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPolling IoProcessor.java:673) at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPoll ingIoProcessor.java:646) at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPoll ingIoProcessor.java:635) at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractP ollingIoProcessor.java:67) at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(Abstra ctPollingIoProcessor.java:1079) at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java: 64) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.ja va:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:9 08) at java.lang.Thread.run(Thread.java:619) ERROR 2011-12-10 15:48:54,139 pool-3-thread-54 D- U- S- org.apache.ftpserver.impl.DefaultFtpHandler - Exception caught, closing session java.io.IOException: Connection reset by peer at sun.nio.ch.FileDispatcher.read0(Native Method) at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:21) at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:233) at sun.nio.ch.IOUtil.read(IOUtil.java:206) at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:236) at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:214 ) at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:42) at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPolling IoProcessor.java:673) at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPoll ingIoProcessor.java:646) at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPoll ingIoProcessor.java:635) at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractP ollingIoProcessor.java:67) at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(Abstra ctPollingIoProcessor.java:1079) at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java: 64) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.ja va:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:9 08) at java.lang.Thread.run(Thread.java:619) INFO 2011-12-10 15:48:54,139 pool-3-thread-54 D- U- S- org.apache.ftpserver.listener.nio.FtpLoggingFilter - CLOSED From: Sachin Shetty [mailto:sshe...@egnyte.com] Sent: Monday, December 05, 2011 4:04 PM To: 'Sachin Shetty';
Re: FTPD service does not start
Hello Jamal, Have you tried running it from the command line Instead of using the created service? Just to find out what components are failing. 2011/11/8 Jamal Abreu jamallu...@hotmail.com Hi, I installed the service using service install ftpd ftpd-typical.xml the installation succeeded! However, when I can not start the service if I try, and I get the following log message [2011-11-09 00:13:33] [info] Running Service... [2011-11-09 00:13:33] [info] Starting service... [2011-11-09 00:13:33] [947 prunsrv.c] [error] Failed creating java [2011-11-09 00:13:33] [1202 prunsrv.c] [error] ServiceStart returned 1 [2011-11-09 00:13:33] [info] Run service finished. [2011-11-09 00:13:33] [info] Procrun finished. FTP server version: 1.0.6 My Environment: Windows 7 64 bit, JRE7 Any idea? Thanks Jamal
Re: find out the transfer rate
If you are doing what Miroslav said, I'd rather believe that it is your 'manual calculation' which is wrong. This should be with files of some size, otherwise the difference might be related to different starting points (e.g., with some firewalls that open/close ports automatically -but slowly-, passive mode can have quite different results for small files). Why don't you check your transfer rate against the one that lftp or filezilla report? 2011/8/10 Miroslav Pokorny miroslav.poko...@gmail.com Dividing bits over seconds is quite simple, each xfer is not going to be exactly the same even if you send /get the same file from/to the same server. For whatever reason your xfer rates seem reasonable, so they are probably correct. On Wed, Aug 10, 2011 at 8:52 PM, bahar ertik bahar.er...@gmail.com wrote: I have tried that but this doesn't give the correct transfer rate. Because the result I get is far away from the result I get when I do it manuallt, stepwise! Manually done the transfer rate for the put is 17.09 MB/sec and get 87.83 MB/sec. Recording the time at start and end gives the result put 11.11 MB/sec and get 33 MB/sec. On Wed, Aug 10, 2011 at 10:45 AM, Miroslav Pokorny miroslav.poko...@gmail.com wrote: Record the time at the start and end of the operation and divide tht with the file size. On Wed, Aug 10, 2011 at 5:50 PM, bahar ertik bahar.er...@gmail.com wrote: Hi, I am trying to transfer files from my server to a client using ftp in java and this works without any problems. My question is: Is there any way to find out the transfer rate, MB/s, of the transfer? Best Regards -- mP -- mP
Re: Has anybody used any kind of load balancing
As Toli said, I don't think this is not really FTPServer-related so, in case you don't get a response, I would try a more specific forum about LBs.Anyway, in a scenario like the one Toli described, FTPServer should need no configuration changes at all- you just have to make sure that your LB is routing the data connections to the appropriate host ( if you sticked to active mode, with the data connections being initiated by the FTP server itself, i think you wouldn't need any special configuration in the LB, but it should be easy to configure your LB to serve ftp connections correctly). 2011/8/10 Toli Kuznets tkuzn...@marinsoftware.com Sachin, I didn't personally setup the LB so unfortunately i can't give you a detailed answer. I believe that LBs support some stickiness per session, so once a connection is established from a given incoming IP it's always routed to the same target server. You are better off asking around in network-admin forums on how to set that up sorry i couldn't be of more help. On Wed, Aug 10, 2011 at 2:45 AM, Sachin Shetty sshe...@egnyte.com wrote: Hi Toli, There should be some more config changes due to the dual port nature of the protocol right? How do you handle all the data connections on your lb and make sure they are sent to the same ftp server? Thanks Sachin -Original Message- From: Toli Kuznets [mailto:tkuzn...@marinsoftware.com] Sent: Wednesday, August 10, 2011 12:06 PM To: ftpserver-users@mina.apache.org Subject: Re: Has anybody used any kind of load balancing Sachin, We use basic load round-robin load balancing via a separate hardware LB, and our ftpserver instances point to a shared NFS. works pretty well for us - we just have 2 separate instances running on 2 separate physical machines. so yes, we've done that, but it probably doesn't answer your use case since it's a trivially simple load-balancing example... On Tue, Aug 9, 2011 at 11:07 PM, Sachin Shetty sshe...@egnyte.com wrote: Hi All, Has anybody used any kind of load balancing with apache ftp server? Thanks Sachin
Re: Has anybody used any kind of load balancing
Wow, my English sucks... Among others, I meant I think this is not really FTPServer-related so 2011/8/12 David Latorre dvl...@gmail.com As Toli said, I don't think this is not really FTPServer-related so, in case you don't get a response, I would try a more specific forum about LBs.Anyway, in a scenario like the one Toli described, FTPServer should need no configuration changes at all- you just have to make sure that your LB is routing the data connections to the appropriate host ( if you sticked to active mode, with the data connections being initiated by the FTP server itself, i think you wouldn't need any special configuration in the LB, but it should be easy to configure your LB to serve ftp connections correctly). 2011/8/10 Toli Kuznets tkuzn...@marinsoftware.com Sachin, I didn't personally setup the LB so unfortunately i can't give you a detailed answer. I believe that LBs support some stickiness per session, so once a connection is established from a given incoming IP it's always routed to the same target server. You are better off asking around in network-admin forums on how to set that up sorry i couldn't be of more help. On Wed, Aug 10, 2011 at 2:45 AM, Sachin Shetty sshe...@egnyte.com wrote: Hi Toli, There should be some more config changes due to the dual port nature of the protocol right? How do you handle all the data connections on your lb and make sure they are sent to the same ftp server? Thanks Sachin -Original Message- From: Toli Kuznets [mailto:tkuzn...@marinsoftware.com] Sent: Wednesday, August 10, 2011 12:06 PM To: ftpserver-users@mina.apache.org Subject: Re: Has anybody used any kind of load balancing Sachin, We use basic load round-robin load balancing via a separate hardware LB, and our ftpserver instances point to a shared NFS. works pretty well for us - we just have 2 separate instances running on 2 separate physical machines. so yes, we've done that, but it probably doesn't answer your use case since it's a trivially simple load-balancing example... On Tue, Aug 9, 2011 at 11:07 PM, Sachin Shetty sshe...@egnyte.com wrote: Hi All, Has anybody used any kind of load balancing with apache ftp server? Thanks Sachin
Re: Ftplet
Hello Alexandre, With the current ftplet implementation this is not possible. but you can provide your own STOR/STOU implementation that handles this. We did have this very same need and I just copied the whole source code of the STOR command and added an invocation to the FTPLet method (so, this method in the FTPlet must not be called from afterCommand, but manually by you). We didn't include such a feature in the roadmap - some of the commands (STOR, STOU, and probably USER/PASS) would benefit from such a feature but there are other ways to achieve the same results right now (although they can be considered more intrusive). Cheers, David 2011/8/4 Alexandre Grunt alexandre.gr...@gmail.com Hi, I created my own class Ftplet to trigger processing after a file reception (STOR or STOU command).I want that if processing fails, the client is informed of the sending failed by 4xx ftp code. Is it possible? If not, the Apache Ftp Server Roadmap provides it? Regards, Mr GRUNT
Re: Problems with SSL
Hello, What does your log say? 2011/7/28 Fabio Melo fabio.f...@gmail.com Hi All, I'm facing some problem while coding a server server using Apache FTP server. I'm using the code bellow to create a FTP server (MyFTPServer), when a run this piece of code I'm not able to connect through a FTP client such as Filezilla, WinSCP and My own FTP client into my ftp server. There is also bellow My FTP Client which represent my FTP Client code for connect. Does any body knows what I am doing wrong? Thanks in advance MyFTPServer= import java.io.File; import java.io.FileOutputStream; import java.io.IOException; import java.io.OutputStream; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import org.apache.ftpserver.FtpServer; import org.apache.ftpserver.FtpServerFactory; import org.apache.ftpserver.ftplet.Authority; import org.apache.ftpserver.ftplet.DataConnection; import org.apache.ftpserver.ftplet.DefaultFtpReply; import org.apache.ftpserver.ftplet.DefaultFtplet; import org.apache.ftpserver.ftplet.FtpException; import org.apache.ftpserver.ftplet.FtpReply; import org.apache.ftpserver.ftplet.FtpRequest; import org.apache.ftpserver.ftplet.FtpSession; import org.apache.ftpserver.ftplet.Ftplet; import org.apache.ftpserver.ftplet.FtpletResult; import org.apache.ftpserver.ftplet.UserManager; import org.apache.ftpserver.impl.LocalizedFtpReply; import org.apache.ftpserver.listener.ListenerFactory; import org.apache.ftpserver.ssl.SslConfigurationFactory; import org.apache.ftpserver.usermanager.PropertiesUserManagerFactory; import org.apache.ftpserver.usermanager.SaltedPasswordEncryptor; import org.apache.ftpserver.usermanager.impl.BaseUser; import org.apache.ftpserver.usermanager.impl.WritePermission; public class FTPServerTest extends DefaultFtplet { public FTPServerTest() { try { FtpServerFactory serverFactory = new FtpServerFactory(); PropertiesUserManagerFactory userManagerFactory = new PropertiesUserManagerFactory(); ListenerFactory factory = new ListenerFactory(); factory.setPort(2221); userManagerFactory.setFile(new File(myusers.properties)); userManagerFactory.setPasswordEncryptor(new SaltedPasswordEncryptor()); UserManager um = userManagerFactory.createUserManager(); BaseUser user = new BaseUser(); // define SSL configuration SslConfigurationFactory ssl = new SslConfigurationFactory(); ssl.setKeystoreFile(new File(ftpserver.jks)); ssl.setKeystorePassword(password); // set the SSL configuration for the listener factory.setSslConfiguration(ssl.createSslConfiguration()); factory.setImplicitSsl(false); ListAuthority authorities = new ArrayListAuthority(); authorities.add(new WritePermission()); user.setAuthorities(authorities); user.setName(myNewUser); user.setPassword(secret); um.save(user); serverFactory.setUserManager(um); serverFactory.addListener(default, factory.createListener()); HashMapString, Ftplet ftplets = new HashMapString, Ftplet(0); ftplets.put(DEFAULT, this); serverFactory.setFtplets(ftplets); // start the server FtpServer server = serverFactory.createServer(); server.start(); } catch (FtpException e) { e.printStackTrace(); } } public static void main(String[] args) { new FTPServerTest(); } @Override public FtpletResult onConnect(FtpSession session) throws FtpException, IOException { System.out.println(onConnect); return super.onConnect(session); } @Override public FtpletResult onLogin(FtpSession session, FtpRequest request) throws FtpException, IOException { System.out.println(onLogin); return super.onLogin(session, request); } @Override public FtpletResult onUploadStart(FtpSession session, FtpRequest request) throws FtpException, IOException { String requestedFile = request.getArgument(); OutputStream in = new FileOutputStream(requestedFile); // open data connection DataConnection out = null; session.write(new DefaultFtpReply(150, Getting data connection.)); try { out = session.getDataConnection().openConnection(); } catch (Exception ex) { System.out.println(Exception); } if (out == null) { System.out.println(onUpload - out null); return FtpletResult.SKIP; } // transfer data try { out.transferFromClient(session,in); } finally { session.write(new DefaultFtpReply(226, Transfer Complete.)); session.getDataConnection().closeDataConnection(); in.close(); } System.out.println(onUpload - end); return FtpletResult.SKIP; } @Override public FtpletResult onUploadEnd(FtpSession session, FtpRequest request){ System.out.println(fim do up); return FtpletResult.DEFAULT; } } My FTP Client import java.io.FileInputStream;
OutOfMemoryError - GC overhead limit exceeded
Hey guys, This weekend our ftpserver implementation (which we recently switched from a web-based application to a standalone app launched using ftpd.sh from the distro but using some 'company standard' memory options) threw the exception in the title: OutOfMemoryError - GC overhead limit exceeded Funny thing is that we don't have any traffic on weekends except for an automated tool that connects every 5 minutes to get sure everything is working fine... so I can hear these words out loud: MEMORY LEAK. FTPServer is launched like this: -server -Xms256m -Xmx256m -XX:+UseParallelOldGC -XX:+UseAdaptiveSizePolicy -XX:+UseBiasedLocking -XX:+EliminateLocks -XX:+AggressiveOpts Have any of you experienced this exception or any other memory-related one? What heap sizes are you using? In my test, I never needed more than 100mb but after a couple of weeks it seems this is no longer true. *I'm pretty sure our code is not causing the possible leak - I would tend to point at MINA for this... what do you think, Niklas? It seems they are still using M4.
Re: [proftpd] Re: Re: ftplet not being called
Hello Allen, I would need some more info for this, e.g., 1) Are the clients using FTP or FTPS? 2) Are they using a 'publicly available' FTP client? which one? 3) Is it possible that you're capturing some exceptions silently? If I understand you correctly, FTPServer itself has logging disabled; is it so? First option here is that you ask your client if they have any logs of the file transfer... Otherwise, I don't find it easy to find your problem... Maybe you can try to obtain finer grained logging in FTPServer by using an implementation that allows Filters to be specified so you don't have to turn on all the logging output if you're worried about system performance (I don't actually know if there's reason to worry). 2011/6/8 Allen Firstenberg prof...@addventure.com: On Wed, Jun 8, 2011 at 5:44 AM, Niklas Gustavsson nik...@protocol7.comwrote: Which exact log statement is it that you were expecting? From FtpLoggingFilter? What logging provider are you using? Assuming this is a race condition, it could be both in FtpServer, slf4j and the logging provider. The logging in this case isn't code level logging, it is command/transfer logging. It is an ftplet that can be configured to log various attributes from an FtpSession, FtpRequest, and/or FtpReply. It is intended for xferlog and similar logging capabilities. We've mentioned this in the past as something we're working on and that we intend to release to the project when we feel its ready for prime time. In this case, log messages are saved to a file during both beforeCommand() and afterCommand() in several different ftplets. In order for it to be a race condition, these would have had to fail multiple times - and just for this particular instance. I can't rule it out, of course, but it seems unlikely. Allen
Re: Supporting CCC (Clear Command Channel) command
2011/4/19 sebb seb...@gmail.com: On 19 April 2011 14:46, Sai Pullabhotla sai.pullabho...@jmethods.com wrote: I was trying it with one of our own home grown client API and with Apache Commons-net. The current release of commons-net is broken, but there is a patch that was submitted, which is in the trunk. With the trunk code of commons-net, it works once in a while (one out of 4 times). The rest of the times, it thinks that it received a bad ftp reply (most probably because of timing issue, and the fact that the MINA code sends the TLS_CLOSE signal). Looks like the TLS close signal is becoming part of the reply to the command that was sent right after CCC. What is the exact error message? Our home grown API also runs into the same issue because of the TLS_CLOSE. I do believe that TLS_CLOSE signal is the expected behaviour. RFC4217 states that: Otherwise, the server is accepting the CCC command and should do the following: o Send a 200 reply. o Shutdown the TLS session on the socket and leave it open. I'm trusting here this link that explains ssl shutdown: http://linux.die.net/man/3/ssl_shutdown So, I guess that close notify is the way to go and if that's the only reason to fail, it's the client which is broken. This said, Sun Java SSL implementation seems more restrictive than others. I found an issue with WinSCP where , for some file sizes (when you're using a block cipher for the encryption of the secure FTP data connection - which I think is most often the case in SSL connections), the TLS_CLOSE message gets truncated. This is a bug in WinSCP, of course, but it caused Mina FTPServer to abort the transfer (when the file has been already received!) whilst other servers completely ignored the fact that the TLS_CLOSE message was incorrect. So I would only implement CCC if I was sure that most clients that support this command can interact seamlessly with FTPServer, to my mind it's not that useful a feature if it means we can end up with unexpected (and 'superflous') connection losses. At this point, I am trying to figure out the correct procedure to unwrap/unprotect an SSLSocket into a plain socket and who should initiate the TLS_CLOSE, and if it is really needed. Can you attach your current code as a JIRA patch, and then I can try with Commons Net? I'm hoping to release Net 3.0 soon, and if there are issues with CCC it would be nice to sort those first. Oh, that's great news. I just reviewed a few changes I had to include in the codebase and I think all of them are included - even better! Maybe between us we can fix ftpserver and net ... Sai Pullabhotla On Tue, Apr 19, 2011 at 8:23 AM, sebb seb...@gmail.com wrote: On 19 April 2011 13:47, Sai Pullabhotla sai.pullabho...@jmethods.com wrote: Has any one tried to implement the CCC command in FTPS? I've been trying to do this, but having issues. I was wondering if any one has a better knowledge of what should be done to unprotect the control channel. Here is what I've tried: 1. Added an implementation class for CCC, and registered it with the factory 2. Server receives the CCC command from the client 3. Server sends a positive reply back to the client, and waits for the message to be sent using the await() method on the future. This should ensure that the reply to CCC is still sent over the encrypted channel. 4. Server removes the SslFilter from the filter chain of the session In theory (according to my understanding) this should do the trick, but I'm seeing different results with different clients. I could not get it to work consistently with any client. I noticed that the MINA code does send a TLS_CLOSE message to the client when the SslFilter is removed (from the onPreRemoveFilter method). Is this needed on the server or should the client initiate the TLS_CLOSE sequence, by closing the SSLSocket (without closing the underlying socket)? Does SSL (SSL v2 for example) also have a special close sequence like the TLS does? I appreciate any feedback, pointers on how to get this to work. It would be great if you could get this to work! There don't seem to be many ftp servers that support CCC. What results are you seeing, and what clients are you using?
Re: Determine hostname from a custom UserManager
We are also using this user_Domain as a workaround but in case of Dan question, he only need to know what is the server name to which FTPserver is deployed... I would have it in my config file and pass it as an argument to your custom UserManager. If you don't want to depend on properties, I guess you can also call InetAddress.getLocalHost() Cheers, David 2011/3/25 Brad McEvoy mina...@bradmcevoy.com: Hi Daniel, I don't think there is any equivalent because FTP doesnt have the equivalent of the HTTP host header. But i've had the same with the milton FTP/Webdav connector (see http://milton.ettrema.com), and my solution is to allow users to enter a user name which includes the domain name in the form user#domain.com. I'd be interested to see if anyone knows of any better options. Cheers, Brad On Fri, 25 Mar 2011 14:48 -0400, Daniel Cane daniel.c...@modernizingmedicine.com wrote: Greetings all. I’m developing a custom userManager and have impl all wired up. My question is from inside the authenticate() method I need to know the equivalent of request.getServerName() in order to correctly associate which domain the user is in. We partition our data by servername so that use a user myusername FTPing to foo.myserver.com would be different from myusername FTPing to bar.myserver.com. Basically, I just need the URL prefix. Any thoughts as to how I might be able to get that info? I see that an Ftplet has access to session, but don’t see how to get at this frim the authenticate method location. Thanks in advance! Dan -- Brad McEvoy b...@bradmcevoy.com
Re: FTPlet entrySet: Sort order for multiple active FTPlets?
If you read the case that sai himself opened, you'll see that the Spring config generates a subclass of LinkedHashMap which is enough to preserve order of execution. So, for theI users wiring the server via Spring there's no need to specify a Map version. For embedders invoking the API methos directly, I agree with Niklas that we shouldn't force them to use LinkedHashMap (what if they want to use a SortedMap?) or any other map implementation, execution order here is the responsability of the user, not ours. This said, Sai has a valid point when he speaks about predictability and I could be led to agree with him if he still insisted on that option. But, if javadoc is OK I don't think this change is really needed, and would mean breaking our API so it would be available just for the 'trunk' version. 2011/3/18 Christian Gosch christian.go...@inovex.de: Hmm... To refer to the closed issue, it would be helpful if the example Spring configuration named config-full.xml would contain a ftplets element which *does* define a Map type to use -- but I cannot see anything like this inside this file (see the attached files, as of v1.0.5, 2010-SEP-26, 6:24PM). --cg -Original Message- From: Sai Pullabhotla [mailto:sai.pullabho...@jmethods.com] Sent: Friday, March 18, 2011 2:09 PM To: ftpserver-users@mina.apache.org Subject: Re: FTPlet entrySet: Sort order for multiple active FTPlets? Well... there was a open case about this, which is now closed... https://issues.apache.org/jira/browse/FTPSERVER-223 Are you sure this is still an issue? On Fri, Mar 18, 2011 at 7:46 AM, Christian Gosch christian.go...@inovex.de wrote: Hi, I just looked at the implementation of DefaultFtpletContainer.onConnect() and saw that it processes all contained (registered) Ftplets by traversing the (concurrent hash) map of declared Ftplets, just as onDisconnect(). But it does so based on the ftplets.entrySet() and the sort order which it imposes on the entry set, which in turn is undefined in that it does not guarantee any special sort order. Why is the concurrent map ftplets not implemented as a map with a reliable sort order depending on the key values? It may be good practice to have every registered Ftplet act independently of any other in the same container, but there may be good reasons to have an ordered sequence, may be by order of declaration, or by order of key or whatever may be appropriate. Is there a special rationale behind this? btw: I did not yet find any time to play around with this really :-( Regards, -- Dipl.-Inform. Christian Gosch, PMI PMP Systems Architecture, Project Management inovex GmbH Büro Pforzheim Karlsruher Strasse 71 D-75179 Pforzheim Tel: +49 (0)7231 3191-85 Fax: +49 (0)7231 3191-91 c.go...@inovex.de www.inovex.de Sitz der Gesellschaft: Pforzheim AG Mannheim, HRB 502126 Geschäftsführer: Stephan Müller !DSPAM:4d83598117594243614118!
Re: Get the stream file
I agree with nilkas here for your use case. Still, are you sure you don't need to store the file? I think there are a number of reasons, mainly traceability, for you to keep those files as 'a backup' or in case the file cannot be parsed. I would rather have a copy of the file that failed so I can check what the problem was. Cheers, David 2011/3/3 Niklas Gustavsson nik...@protocol7.com: On Wed, Mar 2, 2011 at 8:03 PM, Pierre-Luc Pineault pino_...@hotmail.com wrote: All I want is to parse a text file send by a user without storing the file on the server. So, I see this is possible to get the data input stream from request by Ftplet onUploadStart(session, request). So, I want to get the stream and parse each line to store the data in a database. For the momment i am working with onUploadEnd() and I delete the file once parsed. But, the best way for us is to parse. While you probably can solve this from an Ftplet, I would recommend looking into writing a custom filesystem for this purpose. /niklas
Re: Is there a way to access the FtpSession.lastReply in the handleOnClose() call?
Hello Toli, why don't you set your ftpet to be run after STOR (and STOU...) command? In the old way this was the method onUploadEnd(). 2011/2/12 Toli Kuznets tkuzn...@marinsoftware.com: Hi, I have a custom FtpLet and I wan to kick off a job on file upload, so i override the handleOnClose() call. I'm running into a situation where when my users use SSIS (scary Microsoft product) to send files over FTP, they are not able to establish a data connection to my server (separate problem), there's an internal exception in STOR.execute() but I still get a callback in onHandleClose() However, when I get the callback, it's impossible for me to tell the difference between a successful upload or a callback after an exception when there was no physical file placed on disk. Looking in the debugger, I notice that the incoming FtpSession is actually a DefaultFtpSession that has an FtpIoSession that has a getLatReply() method that can return me something useful (REPLY_425_CANT_OPEN_DATA_CONNECTION in my case). However, getting to lastReply is not exposed. is there a better way to tell if handleOnClose() is being called on success or failure? How can i tell those 2 situations apart? My server is setup with all defaults for connections - in this case, the connection is coming in as ACTIVE and for some reason i get an exception when opening data connection, so i want to catch that case and not kick of an event in handleOnClose() This is on FtpServer-1.0.5, and the relevant stacktrace from the call to handleOnClose() after the failed open of data connection is: at com.marin.plugin.ftpserver.FileUploadNotifierFtplet.onUploadEnd(FileUploadNotifierFtplet.java:70) at org.apache.ftpserver.ftplet.DefaultFtplet.afterCommand(DefaultFtplet.java:89) at org.apache.ftpserver.ftpletcontainer.impl.DefaultFtpletContainer.afterCommand(DefaultFtpletContainer.java:144) at org.apache.ftpserver.impl.DefaultFtpHandler.messageReceived(DefaultFtpHandler.java:220) The unable to open data connection is below if it helps: 11 Feb 2011 16:15:30,977 DEBUG [pool-5-thread-1] nativefs.impl.NativeFtpFile (NativeFtpFile.java:212) - Checking if file exists 11 Feb 2011 16:15:30,977 DEBUG [pool-5-thread-1] nativefs.impl.NativeFtpFile (NativeFtpFile.java:218) - Authorized 11 Feb 2011 16:16:45,931 DEBUG [pool-5-thread-1] command.impl.STOR (STOR.java:134) - Exception getting the input data stream java.net.ConnectException: Operation timed out at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:432) at java.net.Socket.connect(Socket.java:529) at java.net.Socket.connect(Socket.java:478) at org.apache.ftpserver.impl.IODataConnectionFactory.createDataSocket(IODataConnectionFactory.java:314) at org.apache.ftpserver.impl.IODataConnectionFactory.openConnection(IODataConnectionFactory.java:259) at org.apache.ftpserver.command.impl.STOR.execute(STOR.java:132) at org.apache.ftpserver.impl.DefaultFtpHandler.messageReceived(DefaultFtpHandler.java:210) This is very reproducible, so i can provide any other information that may be helpful. I'm seeing similar behaviour directly from Windows FTP command-line shell. all other use cases (from Mac, from Windows FileZilla, etc work just fine) thanks!
Re: Is there a way to access the FtpSession.lastReply in the handleOnClose() call?
Uh, I see that's what you did :) 2011/2/14 David Latorre dvl...@gmail.com: Hello Toli, why don't you set your ftpet to be run after STOR (and STOU...) command? In the old way this was the method onUploadEnd(). 2011/2/12 Toli Kuznets tkuzn...@marinsoftware.com: Hi, I have a custom FtpLet and I wan to kick off a job on file upload, so i override the handleOnClose() call. I'm running into a situation where when my users use SSIS (scary Microsoft product) to send files over FTP, they are not able to establish a data connection to my server (separate problem), there's an internal exception in STOR.execute() but I still get a callback in onHandleClose() However, when I get the callback, it's impossible for me to tell the difference between a successful upload or a callback after an exception when there was no physical file placed on disk. Looking in the debugger, I notice that the incoming FtpSession is actually a DefaultFtpSession that has an FtpIoSession that has a getLatReply() method that can return me something useful (REPLY_425_CANT_OPEN_DATA_CONNECTION in my case). However, getting to lastReply is not exposed. is there a better way to tell if handleOnClose() is being called on success or failure? How can i tell those 2 situations apart? My server is setup with all defaults for connections - in this case, the connection is coming in as ACTIVE and for some reason i get an exception when opening data connection, so i want to catch that case and not kick of an event in handleOnClose() This is on FtpServer-1.0.5, and the relevant stacktrace from the call to handleOnClose() after the failed open of data connection is: at com.marin.plugin.ftpserver.FileUploadNotifierFtplet.onUploadEnd(FileUploadNotifierFtplet.java:70) at org.apache.ftpserver.ftplet.DefaultFtplet.afterCommand(DefaultFtplet.java:89) at org.apache.ftpserver.ftpletcontainer.impl.DefaultFtpletContainer.afterCommand(DefaultFtpletContainer.java:144) at org.apache.ftpserver.impl.DefaultFtpHandler.messageReceived(DefaultFtpHandler.java:220) The unable to open data connection is below if it helps: 11 Feb 2011 16:15:30,977 DEBUG [pool-5-thread-1] nativefs.impl.NativeFtpFile (NativeFtpFile.java:212) - Checking if file exists 11 Feb 2011 16:15:30,977 DEBUG [pool-5-thread-1] nativefs.impl.NativeFtpFile (NativeFtpFile.java:218) - Authorized 11 Feb 2011 16:16:45,931 DEBUG [pool-5-thread-1] command.impl.STOR (STOR.java:134) - Exception getting the input data stream java.net.ConnectException: Operation timed out at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:432) at java.net.Socket.connect(Socket.java:529) at java.net.Socket.connect(Socket.java:478) at org.apache.ftpserver.impl.IODataConnectionFactory.createDataSocket(IODataConnectionFactory.java:314) at org.apache.ftpserver.impl.IODataConnectionFactory.openConnection(IODataConnectionFactory.java:259) at org.apache.ftpserver.command.impl.STOR.execute(STOR.java:132) at org.apache.ftpserver.impl.DefaultFtpHandler.messageReceived(DefaultFtpHandler.java:210) This is very reproducible, so i can provide any other information that may be helpful. I'm seeing similar behaviour directly from Windows FTP command-line shell. all other use cases (from Mac, from Windows FileZilla, etc work just fine) thanks!
Re: 502 Command ALLO not implemented.
Hello Nguyen, Your problem is not the response to the ALLO command but that your client is unable to connect to 10.2.177.137 One possibility is that the IP is correct but a firewall is rejecting the connections. But 10.2.177.137 is not an internet address which is what you probably want; this is a typical case which we have addressed in MINA using the external-address property, you may need to define it as in this example: data-connection idle-timeout=120 implicit-ssl=false active enabled=true local-port=16001 ip-check=false/ passive ports=19000-19900 address=10.2.177.137 external-address=PUBLICIP/ /data-connection /nio-listener PUBLICIP can be an ip address in the x.x.x.x format or a hostname. Make sure the ports are reachable and no firewall is in your way :) 2011/1/13 Nguyen Hai Nam nam...@nd24.net: Hello, I'm trying to deliver backup file from my cpanel (v.11) hosting to my ftp server. I've just configured typical setting only. But it had this error: 502 Command ALLO not implemented. Net::FTP Net::FTP(2.77) Net::FTP Exporter(5.58) Net::FTP Net::Cmd(2.29) Net::FTP IO::Socket::INET(1.29) Net::FTP IO::Socket(1.29) Net::FTP IO::Handle(1.25) Net::FTP=GLOB(0x863ce10) 220 Service ready for new user. Net::FTP=GLOB(0x863ce10) USER cdn Net::FTP=GLOB(0x863ce10) 331 User name okay, need password for cdn. Net::FTP=GLOB(0x863ce10) PASS Net::FTP=GLOB(0x863ce10) 230 User logged in, proceed. Net::FTP=GLOB(0x863ce10) TYPE I Net::FTP=GLOB(0x863ce10) 200 Command TYPE okay. Net::FTP=GLOB(0x863ce10) CWD / Net::FTP=GLOB(0x863ce10) 250 Directory changed to / Net::FTP=GLOB(0x863ce10) ALLO 239590440 Net::FTP=GLOB(0x863ce10) 502 Command ALLO not implemented. Net::FTP=GLOB(0x863ce10) PASV Net::FTP=GLOB(0x863ce10) 227 Entering Passive Mode (10,2,177,137,6,37) Net::FTP=GLOB(0x863ce10) STOR backup-1.13.2011_14-56-28.tar.gz Net::FTP=GLOB(0x863ce10) 150 File status okay; about to open data connection. Net::FTP=GLOB(0x863ce10) QUIT Net::FTP=GLOB(0x863ce10) 425 Can't open data connection. Would you please help to find the solution for this problem? Thanks and best regards, -- Best regards, Hai Nam, Nguyen
Re: Connection errors
I don't have the time to look into this with detail right now but are you sure it's not the client side the one which is closing the connection? 2010/12/10 Danilo Rosetto Muñoz munozdan...@gmail.com: Hi all, I'm getting to many errors on my ftp server. The scenario is: - I have ftp server embedded on my app - I have about 50 connections: - Its about 15 ~ 30 computers - Its about 2 ~ 3 connections per IP - Config (server): - maxlogins= 400 - maxthreads = 20 - Config (user): - idletime = 1200 - maxloginnumber = 0 - maxloginperip = 0 - The error occurs to any of computers. I mean, it doesnt occur for an specific IP - The network is stable (FO) I dont know if I can post log here because the email size ... I dont, please let me know. This is the log: 2010-12-10 11:50:32,088 pool-3-thread-8 WARN FtpLoggingFilter:122 [ 172.18.0.22:2479] - EXCEPTION : java.io.IOException: Connection reset by peer at sun.nio.ch.FileDispatcher.read0(Native Method) at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39) at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:251) at sun.nio.ch.IOUtil.read(IOUtil.java:224) at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:254) at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:202) at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:42) at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:620) at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:598) at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:587) at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractPollingIoProcessor.java:61) at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:969) at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) at java.lang.Thread.run(Thread.java:636) 2010-12-10 11:50:32,089 pool-3-thread-8 ERROR DefaultFtpHandler:156 [ 172.18.0.22:2479] - Exception caught, closing session java.io.IOException: Connection reset by peer at sun.nio.ch.FileDispatcher.read0(Native Method) at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39) at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:251) at sun.nio.ch.IOUtil.read(IOUtil.java:224) at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:254) at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:202) at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:42) at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:620) at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:598) at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:587) at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractPollingIoProcessor.java:61) at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:969) at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) at java.lang.Thread.run(Thread.java:636) And this: 2010-12-10 11:55:17,885 pool-3-thread-10 WARN FtpLoggingFilter:122 [ 172.18.0.13:4485] - EXCEPTION : org.apache.mina.core.write.WriteToClosedSessionException at org.apache.mina.core.polling.AbstractPollingIoProcessor.clearWriteRequestQueue(AbstractPollingIoProcessor.java:573) at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeNow(AbstractPollingIoProcessor.java:534) at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeSessions(AbstractPollingIoProcessor.java:497) at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:61) at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:974) at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) at java.lang.Thread.run(Thread.java:636) 2010-12-10 11:55:17,885 pool-3-thread-10 WARN DefaultFtpHandler:151 [ 172.18.0.13:4485] - Client closed connection before all replies could be sent, last reply was HeapBuffer[pos=0 lim=14 cap=14: 32
Re: Error when setting file type
Do you have the server log and ftpclient output? I mean the output you get if you do something like this: client.addProtocolCommandListener(new PrintCommandListener(new PrintWriter(System.out))); The active/passive mode settings are per connection (session) so I don't think this may be the problem. 2010/11/12 Aidan Diffey aidan.dif...@gmail.com: Hello. I have an embedded FTP server running inside JBoss that receives input from 40 concurrent FTP clients. I am using apache commons.net FTPS client to send the data. Each of these FTP Clients sends both ASCII and Binary data randomly (well, sort of) but I am getting a recurring exception: 2010-11-11 18:06:27,714 ERROR [className] org.apache.commons.net.ftp.FTPConnectionClosedException: Connection closed without indication. at org.apache.commons.net.ftp.FTP.__getReply(FTP.java:297) at org.apache.commons.net.ftp.FTP.sendCommand(FTP.java:490) at org.apache.commons.net.ftp.FTPSClient.sendCommand(FTPSClient.java:465) at org.apache.commons.net.ftp.FTP.sendCommand(FTP.java:534) at org.apache.commons.net.ftp.FTP.type(FTP.java:934) at org.apache.commons.net.ftp.FTPClient.setFileType(FTPClient.java:965) This appears to be happening when the setFileType is being called as each client needs to set the fileType before sending its data. So, client 1 could be sending binary data, and set file type = Binary, but at the same time, client 2 could be sending ASCII data and setting file type to ASCII. Is there a potential problem with FTPServer, or should I be looking into the Apache FTP client. Regards
RE: Logging level
Those are logginf frameworks that can be used with FTPServer, which logging framekwork are you using? -Mensaje original- De: Danilo Rosetto Muñoz [mailto:munozdan...@gmail.com] Enviado el: lunes, 08 de noviembre de 2010 17:43 Para: ftpserver-users@mina.apache.org Asunto: Re: Logging level David, Sorry, but what do you mean with log4j/jul/logback ? Thank you! On Mon, Nov 8, 2010 at 2:14 PM, David Latorre dvl...@gmail.com wrote: Hello Danilo, You can set the log levels individually according to the logger name (which usually is equal to the name of the class that instantiated the logger) . Something like this should be possible: com.your.enterpise.yourapp = DEBUG org.apache.ftpserver = ERROR See the log4j/jul/logback documentation for the specific syntax for your logging package. 2010/11/8 Danilo Rosetto Muñoz munozdan...@gmail.com: Hi, I checked http://mina.apache.org/ftpserver/logging.html page. So once the log is configured through properties file, I believe that its impossible set some filter like we have in XML configuration log files. The problem is that I am embedding FTP server on my app and I get too many logging from FTP. I wouldn´t like to set up my app logging level. So, lets summarize my question: How to separate my app and FTP server logging? May I do that at run time? Thanks a lot, -- Danilo Rosetto Muñoz munozdan...@gmail.com http://munozdanilo.googlepages.com -- Danilo Rosetto Muñoz munozdan...@gmail.com http://munozdanilo.googlepages.com
Re: Logging level
Hello Danilo, You can set the log levels individually according to the logger name (which usually is equal to the name of the class that instantiated the logger) . Something like this should be possible: com.your.enterpise.yourapp = DEBUG org.apache.ftpserver = ERROR See the log4j/jul/logback documentation for the specific syntax for your logging package. 2010/11/8 Danilo Rosetto Muñoz munozdan...@gmail.com: Hi, I checked http://mina.apache.org/ftpserver/logging.html page. So once the log is configured through properties file, I believe that its impossible set some filter like we have in XML configuration log files. The problem is that I am embedding FTP server on my app and I get too many logging from FTP. I wouldn´t like to set up my app logging level. So, lets summarize my question: How to separate my app and FTP server logging? May I do that at run time? Thanks a lot, -- Danilo Rosetto Muñoz munozdan...@gmail.com http://munozdanilo.googlepages.com
Re: localhost is working, machine name does not
Hello Oleg, Just remove the local-address property in the listener configuration so FTPServer will bind to all the available interfaces. 2010/8/3 Francis De Brabandere franci...@gmail.com: I suppose you could try binding to 0.0.0.0 that should bind to all interfaces On Tue, Aug 3, 2010 at 2:15 PM, Koyfman, Oleg o...@hp.com wrote: Ok, I found the problem. I was passing localhost as a binding address. Once I passed the machine name, I could connect to it from another machine, however, now I can't connect to a localhost. Can I pass few addresses to bind my ftp with? Thanks, Oleg. -Original Message- From: Koyfman, Oleg Sent: Tuesday, August 03, 2010 2:43 PM To: ftpserver-users@mina.apache.org Subject: localhost is working, machine name does not Hi, I am using one of the given examples CommandLine class, and pass it ftpd-typical.xml configuration file. The ftp server is running and I can connect to it from my localhost using the name localhost. But if I try to use it from another machine by its IP or even from the same machine with IP, it fails to connect. I suspect, that there is something with IP bindings, but I couldn't find anything like it in the internet. Does anybody knows what is the problem? Thanks, Oleg. -- http://www.somatik.be Microsoft gives you windows, Linux gives you the whole house.
Re: [proftpd] Re: diagnosing startup problems
Hello Allen, You need to call server.start() Since my knowledge of spring is equal to NIL, I can't help you with that but I think there is a init-method( and destroy-method) attribute that can be used in bean declarations in order to control object lifecycle. 2010/8/3 Allen Firstenberg prof...@addventure.com: All I have been doing is including the FtpServer xml configuration as one of my servers's configuration files. I can confirm that the server object is being created, along with what looks like some autowired framework to support it. Once the bean is created - is there something specific I need to do to run it? This seems to contradict the documentation which states you can embed the server element where ever you like within you Spring configuration, and with FtpServer on the classpath, Spring will wire up the server for you. Allen On Tue, Aug 3, 2010 at 7:32 AM, David Latorre dvl...@gmail.com wrote: Can you copypaste the code you are using to start the server? 2010/8/2 Allen Firstenberg prof...@addventure.com: I have been attempting to incorporate FtpServer into a current spring-based project that I have, and have run into some problems. Although I have a configuration file that works using the stand-alone script, it does not seem to start a server (or at least does not seem to listen on the designated port) when incorporated into my project. I can see a spring diagnostic message saying it is reading the xml file, and that the singletons are created - but nothing obvious indicating why it is not listening to the port. Any suggestions for the best way to diagnose startup problems of this sort? Thanks! Allen
Re: Handling maximum login limit condition
Hello Satish, You can set an idle timeout so clients will be disconnected after this time as the documentation explains. Killing all the client connections doesn't sound quite right to me. 2010/7/19 Satish Kaveti satish.kav...@sick.com: I am using FtpServer with multiple FTP clients sending JPEG images. The FTP clients are multithreaded applications. Occassionally, the FtpServer goes into a continuous loop wherein it refuses all new client connections with '421 Maximum login limit has been reached' response. It seems that for some reason the client is not closing the inactive connection. As I have not control over the FTP client code, I am not sure of the real cause of the problem. As a temporary fix, at the FtpServer I want to close all client connections whenever the login limit is reached. How can I implement it ? Thanks. Satish Kaveti Software Engineer SICK, Inc. Automatic Identification Solutions 800 Technology Center Drive Suite 6 Stoughton, MA 02072 USA Direct: 781.302.2525 Phone: 781.302.2500 Fax: 781.828.3150 http://www.sickusa.com
Re: keep user files on ftp server always encrypted
Hello, As Frank says, this is easily fixed using your own FileServer implementation. I made some changes in the Default FileSystem impl. in order to make this task simpler by extending NativeFtpFile. In our case, we only needed to extend two methods: public InputStream createInputStream(final long offset) throws IOException ( this one would open a decryption stream over the regular FileInputStream so the users get the plain files back). public OutputStream createOutputStream(final long offset) ( this one would open an Encryption stream over the regular FileOutputStream so the received files are stored encrypted). But please, take into account that our solution probably breaks compatibility with ascii mode, z mode (compression) and even REST support - we do not need any of these features. 2010/7/15 Frank van der Kleij kl...@hotmail.com: You can easily plug in your own file system via the configuration file. In your implementation you can just extend the standard (at least if you want to store the files in the local filesystem) and do your encryption and decryption. Frank Date: Wed, 14 Jul 2010 21:49:46 -0400 Subject: keep user files on ftp server always encrypted From: sur...@gmail.com To: ftpserver-users@mina.apache.org Hi, I'm wondering if it's possible to keep user data always encrypted on the ftp server in current implementation. If not, how much efforts it'll take and can it be prioritized in any other way than voting? Example: When user upload a plain file to ftp - it encrypts file and stores encrypted file instead of plain one. And otherwise when download. Thanks, K. _ New Windows 7: Find the right PC for you. Learn more. http://windows.microsoft.com/shop
Re: How do you specify a custom file system?
I'm glad you solved your problem! AFAIK, we don't have any example of FTPFileSystem which implements permissions (be it DB-based or otherwise) so if you were able to contribute it ( i don't know if as an example or even as an alternative FileSystem implementation) many of our users would be thankful! If you have any other problem with FTPServer or any suggestion to improve the product, we'll be glad to help :-) Cheers, 2010/6/2 Toli Kuznets tkuzn...@marinsoftware.com: Gentleman, I sincerely apologize and withdraw my previous question due to user error - I was editing the wrong Spring file, and hence was seeing the error. My bad! I see that you need to supply the FileSystemFactory to the ftp:filesystem setup, and that supplies the User object to the FileSystem. I think I can work with that, and I probably don't need to set the FtpContext thank you very much for the great design! On Wed, Jun 2, 2010 at 10:48 AM, Toli Kuznets tkuzn...@marinsoftware.com wrote: Hi, I'm trying to specify a custom file system implementation to be users when users log in. I want to use one shared directory, and depending on user permissions, i'll need to show different set of visible directories to them. All the permissions will be coming from a db. I've noticed that there's a ftp:filesystem element in the ftp:server definition, but i can't seem to get the right Spring syntax to load it up. I've tried this: ftp:server id=ftpServer anon-enabled=false max-anon-logins=-1 ftp:filesystem bean id=filesystem class=com.marin.plugin.MarinFileSystem/ /ftp:filesystem /ftp:server However, when i try running it i get the following error: BeanDefinitionParsingException: Configuration problem: Cannot locate BeanDefinitionParser for element [filesystem] Offending resource: class path resource [ftpserver-config.xml] What is the correct way to specify the filesystem? And a follow up question: How do you specify the FtpServerContext for the file system to be used? The FileSystem interface doesn't have any user information, and all my directory decisions must b edone based of the user that's browsing the file system. I can crate the serverContext and pass it to my file system,but i need to have the FtpServer use that context I didn't see any mention of the context in the Spring configs. thanks.
Re: Embedding ftpserver for unit test
Thanks for the help, Andy! Please note that the current recommended way of creating users is using org.apache.ftpserver.usermanager.UserFactory if available, this way you can create users in an OSGI environment. I just updated the ManagingUsers example :) 2010/5/23 Marc Esher marc.es...@gmail.com: Andy, Thanks! Everything is working fine now. Regards, Marc On Sat, May 22, 2010 at 7:56 PM, Andy Thomson a10008...@gmail.com wrote: Marc, Tried out your code snippet, changed the user file to just user.properties so that it would be relative to the where code was actually run. I tested with maven, so I created an empty file called user.properties in the same directory as the pom.xml [project root]. I made the user home to be /tmp/bin/ftp/tmpHome. It worked. The user home directory was in the /tmp directory. I set the permissions to 777 on that tree, and wrote a file via ftp. I changed the user home directory to be a relative path, it also worked. The user home directory was created in the project root. I am suspecting that your problem is that the user.properties did not exist. Create it in a known location, just make it an empty file. Here is the code: public class FtpTest { /** * @param args the command line arguments */ public static void main(String[] args) throws FtpException { FtpServerFactory serverFactory = new FtpServerFactory(); ListenerFactory factory = new ListenerFactory(); factory.setPort(2221); serverFactory.addListener(default, factory.createListener()); FtpServer server = serverFactory.createServer(); PropertiesUserManagerFactory userFactory = new PropertiesUserManagerFactory(); File userFile = new File(users.properties); File userHome = new File(tmp/ftp/tmpHome/); userHome.mkdirs(); userFactory.setFile(userFile); UserManager um = userFactory.createUserManager(); BaseUser user = new BaseUser(); user.setName(unittest); user.setPassword(unittest); user.setHomeDirectory(userHome.getAbsolutePath()); um.save(user); System.out.println(user.getHomeDirectory()); serverFactory.setUserManager(um); System.out.println(Arrays.toString(um.getAllUserNames())); server.start(); } } Andy On 05/22/2010 10:47 AM, Marc Esher wrote: Greetings all, Please pardon what is surely something very simple I'm missing. I need to spin up an ftp server solely for the purpose of a unit test, and Apache FtpServer seems like exactly what I need. Except... I'm having a bit of trouble with the user's permissions and home directory. The server starts fine, and I can log in with the user I'm creating, but the I get a 550 no such directory problem on login. As I said, I know this is a complete duh thing, but I can't figure it out. Here's my sample code: FtpServerFactory factory = new FtpServerFactory(); FtpServer server = factory.createServer(); PropertiesUserManagerFactory userFactory = new PropertiesUserManagerFactory(); File userFile = new File(bin/ftp/users.properties); File userHome = new File(bin/ftp/tmpHome/); userHome.mkdirs(); userFactory.setFile(userFile); UserManager um = userFactory.createUserManager(); BaseUser user = new BaseUser(); user.setName(unittest); user.setPassword(unittest); user.setHomeDirectory(userHome.getAbsolutePath());//tried both relative and full paths... no luck um.save(user); System.out.println(user.getHomeDirectory()); factory.setUserManager(um); System.out.println( Arrays.toString(um.getAllUserNames()) ); server.start(); The directory exists and has some other files and directories in there. I thought that by logging in with a client (I'm using FileZill and FireFTP) I'd land in the home directory I specified in baseUser.setHomeDirectory(). I've tried passing relative and full paths to setHomeDirectory, each with the same result. Can anyone tell me the very simple thing I'm missing? Again, this is simply for a unit test, so I'm looking for the absolute minimum amount of effort to get an ftp server running for a few seconds with a single user to log in, CWD, and read some file attributes, and that's about it. Thanks so much! Marc
Re: Netstat and LAST_ACK hanging
Hello Dan, Can you describe your environment? Version, configuration, SSL or not... We had some problems with hanging connections but those were solved before 1.0.4 (probably they are solved in all the 1.0.x distributions). 2010/5/10 Dan d...@tipjarawards.com: Our server is running but over time it hanged and the netstat gave this kind of output (endless connections waiting for LAST_ACK). Are we missing something to clean up these connections if the client leaves them hanging? Is there a timout we can use? Thanks, Dan Here is the output from netstat -taupe | sort ... tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:16093 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:16225 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:16328 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:16380 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:16513 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:16778 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:16906 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:16924 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:16981 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:17091 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:17097 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:17218 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:17273 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:17742 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:17821 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:17825 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:17872 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:18188 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:18393 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:18417 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:18465 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:18517 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:18894 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:18958 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:18978 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:19110 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:19128 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:19237 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:19460 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:19654 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:19789 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:19905 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:19975 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:20023 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:20091 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:20484 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:20498 LAST_ACK root 0 - tcp 1 1 ip-10-194-154-81.ec2.in:ftp :::206.162.148.12:20503 LAST_ACK root 0 - ...
Re: FTPServer 1.0.4: suspect race condition during requestPassivePort() hanging FTP(S) server with one passive data connection port
2010/3/26 Sai Pullabhotla sai.pullabho...@jmethods.com: David, I just re-read your comments towards the end of your previous email: I wonder if we are suffering a similar problem in any other cases; if it was so, we might need to delay the opening of the ServerSocket until the LIST (or GET or PUT...) commands are executed Do you think creating/binding a new ServerSocket could potentially take a long time? Is that your concern? Not really, my concern here was that we could have some concurrency issue, but this shouldn't be a problem anymore with the wait() calls removed. Regards, Sai Pullabhotla On Fri, Mar 26, 2010 at 7:11 AM, David Latorre dvl...@gmail.com wrote: 2010/3/26 Niklas Gustavsson nik...@protocol7.com: On Fri, Mar 26, 2010 at 9:50 AM, Fred Moore fred.moor...@gmail.com wrote: 1\ Priority of passive port sharing ehnancement: Niklas survey shows that we are indeed in good company here, but it's problably worth having a better look at this anyway, there might be good technical reasons that led all the other teams not to support this or it may turn up that it's simply because it's somewhat hard to develop and test. After this discussion I'm significantly less thrilled at implementing shared passive ports :-) Shared passive ports would be a nice feature if they aren't too hard to implement. Among the opensource servers, I think coloradoFTP -a NIO-based java FTPServer under the LGPL license- offered this (since their data connections also use async sockets this shouldn't be too hard for them, but I don't know if they solved the use case depicted by Sai: when there are several sessions open from the same IP) but it seems that commercial solutions offer this and more... 2\ Quick fix for 1.0.x codebase: pushing a 40x to the client when no passive port is available (or probably better: no passive port is available within X seconds) it's probably something we need to do anyway. Thinking some more about this, I'm personally now convinced that should simple return an error (not waiting). I'm not sure what the best reply code should be, but 425 Can't open data connection seems fitting although not specified as valid return from the PASV command. 3\ Suspect race condition: the problem description for the originally reported http://issues.apache.org/jira/browse/FTPSERVER-359 (see also repro code attached to the jira) actually hints also to something different as well, in fact we state that a few (say 20) parallel threads issuing LISTs in passive mode are able to lock-up the server forever. Questions: 3.1\ Is this interely explained by this thread discussion? (I don't think so: the server should *always* be able to recover) Agreed, the server should always recover from a situation like this. After looking into how to fix item 2, we need to rerun your tests and make sure we always survive. Thinking about this issue my understanding of the problem is as follows: 1. We have a number of connections to FTPServer the Executor threadpool max size (I think it is 16) sending the PASV command. 2. The first one of them requests the only available port and gets it. Now the port is in use by a server socket and any subsequent call to requestPassivePort will end up invoking wait(). 3. The thread that processed this PASV command is now available and a new PASV request is assigned to it. 4. Now all threads are trying to request a passive port, but since there are no ports available all the threads in the OrderedThreadPool get blocked by the wait() method. I wonder if we are suffering a similar problem in any other cases; if it was so, we might need to delay the opening of the ServerSocket until the LIST (or GET or PUT...) commands are executed. I hope I made myself clear and that my understanding was right. 3.2\ Would this be fixed by a quick fix as per 2\? (likely, but it's sort of like using nukes to for mowing the lawn) I really have no idea, but I think we should fix 2 first and then make sure we handle your test case. In short my current position can be stated as follows: I think that FTPSERVER-359 has a different root cause from what we discussed, the problem impact is not completely known at the moment but it appears to *severely* affect the server availabily... having just one port is an easy way of reproducing it (but not the cause of it). Agreed. /niklas
Re: FTP transport alternatives for faster throughput
2010/3/26 DevNull43 dev.null...@gmail.com: I've been wondering so many times about FTP alternatives for faster transfers. I've seen commercial companies with nice experimental protocols boosting throughput efficiency ( but haven't had the chance to test myselves). http://www.dataexpedition.com/ http://www.filecatalyst.com/ http://www.asperasoft.com/en/technology/fasp_overview_1/fasp_technology_overview_1 http://www.rocketstream.com/home/default.aspx The performance is so promising that I wonder how is possible it's not widely used. My only guess is they are not standards, not OpenSource, and are copyrighted. I wonder how FTP protocol has not been enhanced in such a way in the standard. Do you know of any OpenSource transfer protocol similar to the comercial ones I posted? Shouldn't Apache MINA or FtpServer be the right place for such a development? What do you think on those transfer protocols? I'm not familiar with these protocols, but I would say that some of their claims are hard to believe... some of them they are 100x faster than FTP while aspera claims that their fasp solution is 1000x faster! Although I do believe that you can increase speed by using UDP instead of TCP and an optimized mechanism for reception acknowledgment, packet retransmision and such, I would like to know what the real figures are. Have you checked any of these? Thanks!
Re: FTPServer 1.0.4: suspect race condition during requestPassivePort() hanging FTP(S) server with one passive data connection port
2010/3/24 Niklas Gustavsson nik...@protocol7.com: On Wed, Mar 24, 2010 at 6:03 PM, Fred Moore fred.moor...@gmail.com wrote: we found an issue related to requestPassivePort() which may lead to an unresponsive V1.0.4 FTP (or FTP/S) Server, this issue can be reproduced. http://issues.apache.org/jira/browse/FTPSERVER-359 contains full description of the symptoms and a minimalist java client and server to reproduce it. I haven't yet looked closer at the code you attached. But, I have seen similar behavior myself during performance testing FtpServer. In that case, I had a very similar behavior at around 20 threads. However, the reason for the problem in that test was that the test case uses up file handles (for the sockets) so fast that they will run out. Since sockets hang around for some time also after closing, they were not freed quickly enough and thus FtpServer could not open new ones. Could you please verify that this is not the case here? You could look at netstat output and look into increasing the allowed number of file handles our the timeout time for sockets in your OS. Actually it is quite easy to reproduce this error (I just wrote a client test case with throws 20~30 threads that list a directory in the server ) and it's not file handle related: we have several bugs in our code that cause this behaviour , i think we hould rewrite all the request/release passive port mechanism as there are several issues with it. /niklas
Re: Detecting interrupted upload
You should check the reply code as Niklas suggested but, besides this, we usually suggest that the client rename the file after successfully uploading it - ideally it would also check the MD5 sum of the transferred file prior to this name change. 2010/3/18 Niklas Gustavsson nik...@protocol7.com: On Thu, Mar 18, 2010 at 8:04 PM, Sébastien Roy s...@okiok.com wrote: Recently, for the first time, I end up not being able to accomplish something. I was looking for a way to detect FTP uploads that would not complete normally (client close connection, network interruption, etc ...). My conclusion is that there is no way to detect if a transfer has completed normally or if the transfer has been interrupted. Did anyone has any ideas how it would be possible to be notified if such interruption occurs? From Ftplet.afterCommand, you should be able to look at the reply. For those failed transfers that FtpServer can detect (that causes an SocketException or IOException) this should be something like 426 or 551. /niklas
Re: LIST from database
2010/3/19 Kenneth Vanvik Hansen kvhan...@online.no: I've got a custom ( looks very much like the native one atm) filesystem implemented. Now I am wondering how to make the server use it. Figure I have to call setFileSystem() in FileSystemFactory somehow. Help? :) You should create your own FileSystemFactory and set it in the DefaultFtpServerContext like this: context.setFileSystemManager(filesystemFactory); -Original Message- From: Kenneth Vanvik Hansen [mailto:kvhan...@online.no] Sent: 18. mars 2010 16:38 To: ftpserver-users@mina.apache.org Subject: RE: LIST from database Nice one. No rush :-) Would be nice with a heads up when/if you get it done. -Original Message- From: Niklas Gustavsson [mailto:nik...@protocol7.com] Sent: 18. mars 2010 16:14 To: ftpserver-users@mina.apache.org Subject: Re: LIST from database On Thu, Mar 18, 2010 at 4:02 PM, Kenneth Vanvik Hansen kvhan...@online.no wrote: Would be really nice. Have searched for info on it but can't say I've found any. I'm not sure how I'm supposed to start doing this so I might just go ahead with replacing the LIST command like my first idea was. I will have a go at writing such an example implementation, but don't hold your breath, it might take a few days or so. /niklas
Re: Avoid onuploadend being called after connection lost
What version of FTPServer are you using? 'FtpReply' should be the last parameter in the afterCommand() method for an FTPLet. 2010/3/1 Vinicius Carvalho vinicius.carva...@sambatech.com.br: Hello David. I found that this variable is present on IOFTPSession, but I can not access it. How can I get its value? Regards On Mon, Mar 1, 2010 at 7:08 AM, David Latorre dvl...@gmail.com wrote: Hello Vinicius, You have to explicitly check the reply variable in your onUploadEnd()/afterCommand() method. This variable should contain the last reply of the 'upload'(STOR, STOU...) command which, I guess, will be = 400 in case of any IO error. 2010/2/25 Vinicius Carvalho vinicius.carva...@sambatech.com.br: Hello there! We are facing some problems with our server. If the remote client process dies, the onuploadend method is invoked, and the transfered file is not complete. Is it possible to avoid this? Shouldn't a sudden disconnection be treated as error? Regards
Re: Avoid onuploadend being called after connection lost
Hello Vinicius, You have to explicitly check the reply variable in your onUploadEnd()/afterCommand() method. This variable should contain the last reply of the 'upload'(STOR, STOU...) command which, I guess, will be = 400 in case of any IO error. 2010/2/25 Vinicius Carvalho vinicius.carva...@sambatech.com.br: Hello there! We are facing some problems with our server. If the remote client process dies, the onuploadend method is invoked, and the transfered file is not complete. Is it possible to avoid this? Shouldn't a sudden disconnection be treated as error? Regards
Re: Upgrading from old ftpserver jar raises MINA library questions.
You can use both MINA MINA 2 based applications if you're deploying the apps on an Application Server as Ashish suggested. Another option that might work for you would be using an OSGI environment ( mmh anyone, is that right? ) or use your own custom classloaders. Still, if it is a single app where you both use a FTPServer and your own MINA 1.0 code it would probably much easier to migrate MINA 2 if possible. 2010/1/21 Ashish paliwalash...@gmail.com: AFAIK, you can't, unless you get into creating Classloader and stuff that are present in App Servers. Upgrading to new MINA version shouldn't take much time, though you are the best person to estimate the testing effort and other stuff. thanks ashish On Wed, Jan 20, 2010 at 8:32 PM, Kieran M k13...@googlemail.com wrote: Hello ! 1) I have inherited a java application with a jar ftpserver.jar - see Note 1 below. I want to check what version of ftp server I have - am guessing by the 2005 date it's old :-) How can I tell from the jar what version I have ? 2) I would like to upgrade the ftpserver jar as we have see some FTP weirdness, but I see that ftpserver-1.0.3.zip is available at http://cwiki.apache.org/FTPSERVER/downloads.html and it i.e. version 1.0.3 has a requirement for mina-core-2.0.0-M6.jar however I am using MINA ver 1.0 in my application for something else and upgrading the other MINA usage at this time is a bit risky (its non-trivial change) Any advice here e.g. is is possible to run the new ftpserver-1.0.3 with mina-core-2.0.0-M6 in parallel with MINA ver 1.0 in same process? Thanks! K137an. [Note 1] jar tvf ftpserver.jar 0 Wed Sep 14 11:50:14 IST 2005 META-INF/ 106 Wed Sep 14 11:50:12 IST 2005 META-INF/MANIFEST.MF 0 Wed Sep 14 11:47:52 IST 2005 org/ 0 Wed Sep 14 11:47:52 IST 2005 org/apache/ 0 Wed Sep 14 11:47:54 IST 2005 org/apache/ftpserver/ 0 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/ 0 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/config/ 0 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/filesystem/ 0 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/ftplet/ 0 Wed Sep 14 11:47:54 IST 2005 org/apache/ftpserver/gui/ 0 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/interfaces/ 0 Wed Sep 14 11:47:54 IST 2005 org/apache/ftpserver/iprestrictor/ 0 Wed Sep 14 11:47:54 IST 2005 org/apache/ftpserver/logger/ 0 Wed Sep 14 11:47:54 IST 2005 org/apache/ftpserver/message/ 0 Wed Sep 14 11:47:54 IST 2005 org/apache/ftpserver/socketfactory/ 0 Wed Sep 14 11:47:54 IST 2005 org/apache/ftpserver/ssl/ 0 Wed Sep 14 11:47:54 IST 2005 org/apache/ftpserver/usermanager/ 0 Wed Sep 14 11:47:54 IST 2005 org/apache/ftpserver/util/ 342 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/Command.class 672 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/ConnectionManagerImpl$1.class 6308 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/ConnectionManagerImpl.class 3990 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/DataConnectionConfig.class 7558 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/DirectoryLister.class 7906 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/FtpConfigImpl.class 4134 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/FtpDataConnection.class 7094 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/FtpRequestImpl.class 789 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/FtpServer$1.class 5848 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/FtpServer.class 7180 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/FtpStatisticsImpl.class 10744 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/FtpWriter.class 776 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/FtpletContainer$FtpletEntry.class 9682 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/FtpletContainer.class 13966 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/RequestHandler.class 1082 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/ABOR.class 921 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/ACCT.class 5469 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/APPE.class 2171 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/AUTH.class 1617 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/CDUP.class 1695 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/CWD.class 3697 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/DELE.class 2958 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/EPRT.class 1514 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/EPSV.class 969 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/FEAT.class 1116 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/HELP.class 897 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/LANG.class 2382 Wed Sep 14 11:47:52 IST 2005 org/apache/ftpserver/command/LIST.class
Re: ssl connection problem
Hello Tirtza, According to FileZilla log you're trying to connect via SFTP protocol, which is a protocol for file transfer over SSH different from FTP. So, you should chose FTPS (FTP OVER TLS/SSL IMPLICIT) in the server type combo or even FTPES if you keep implicit-ssl to false. Let us know if you should have any other problems, David 2009/12/10 Tirtza Bernstein tirt...@simply-y.com: Hi, I am trying to configure the ftpserver to use ssl. When I set implicit-ssl to be false it works (through filezilla and port 21) however if I switch implicit-ssl to be true I can't connect. Status: Connecting to 1.2.3.4... Response: fzSftp started Command: open ad...@1.2.3.4 22 Error: Connection timed out Error: Could not connect to server nio-listener name=default port=22 implicit-ssl=false idle-timeout=600 ssl protocol =SSL keystore file=./res/myftp.jks password=mypassword / /ssl /nio-listener What am I doing wrong? Thanks
Re: How to configure Apache FtpServer?
You might want to have a look at our examples (if you are using OSGI or a web application) or tests. Actually, in order to use Spring configuration , it would be useful if you knew a little bit about Spring :-) I haven't studied Spring framework at all so yes, at first, it might be a little hard to figure this out. In Spring you have several classes you can use for this: In PropertyPlaceHolderTest: FileSystemXmlApplicationContext ctx = new FileSystemXmlApplicationContext( src/test/resources/spring-config/config-property-placeholder.xml); DefaultFtpServer server = (DefaultFtpServer) ctx.getBean(server); Instead of FileSystemApplicationContext, you could use ClassPathXmlApplication so the spring config file can be loaded from your classpath. In SpringConfigTest: XmlBeanFactory factory = new XmlBeanFactory(new FileSystemResource( src/test/resources/spring-config/config-spring-1.xml)); You can also use a ClassPathResource or any other Spring-provided Resource type. 2009/11/28 Peter Cai newpt...@gmail.com: I found this very simple description on Apache FtpServer's document: Integration with Spring Framework Apache FtpServer uses Spring Framework to implement the configuration. That also means that we get the added benefit of full integration with regular Spring XML configuration. For example, you can embed the server element where ever you like within you Spring configuration, and with FtpServer on the classpath, Spring will wire up the server for you. Nothing else about: 1. Where should I put this configure file? 2. What should the file name be? 3. How could the application find that file? Do I have study Sprint's Configure Framework to know all about it? -- look to the things around you,the immediate world around you, if you are alive,it will mean something to you ——Paul Strand
Re: Problem embedding in Glassfish
I'm glad, your problem was solved (should we maybe add this somewhere in the wiki?) and as Niklas said, It would be cool that you shared your db-based file manager :-) Cheers, David 2009/11/12 Brett Bergquist br...@thebergquistfamily.com: Yes, I am under the gun to use them for a Friday demo but I will clean them up and make sure they are generic and contribute the back. Right now I am limiting the capability to predefined directories to FTP into but it will be relatively easily to add full functionality. Niklas Gustavsson wrote: On Thu, Nov 12, 2009 at 1:18 AM, Brett Bergquist br...@thebergquistfamily.com wrote: Anyways, I'm now writing n FileSystemFactory, FileSystemView, and FtpFile classes that provide a file system in a database using blobs, etc. I actually got it working today to retrieve files stored in our database. Now to the storing side working. Cool, if this is something you would like to share, I would be happy to have a look at the classes for inclusion in the main project. Of course, given that they are generic. This is pretty sweet. The architecture of this is very nice, very plugable. I really like it! That's good to hear :-) /niklas
Re: Problem embedding in Glassfish
2009/11/16 Niklas Gustavsson nik...@protocol7.com: On Mon, Nov 16, 2009 at 11:40 AM, David Latorre dvl...@gmail.com wrote: I'm glad, your problem was solved (should we maybe add this somewhere in the wiki?) Sounds good. Feel free to add it to the FAQ :-) http://mina.apache.org/ftpserver/faq.html Unfortunately I don't have access to cwiki ( I mean, I do have an account - dlatorre - but I cannot edit the pages). I think I commented on this before but never requested to be added to the appropriate groups before, I guess this is a good moment :-)
Re: Problem embedding in Glassfish
Hello Brett, Try to uncomment this line in domain.xml: com.sun.enterprise.server.ss.ASQuickStartup=false It seems that there's some odd problem relating to NIO when QuickStartup is enabled. I had this problem myself but only in some glassfish versions under Vista, i wonder why's that... If you still can't make it work you might want to deploy our some war file ftpserver and see if it works. 2009/11/11 Brett M. Bergquist br...@thebergquistfamily.com: It seems to be something with my Vista machine. Here at work running XP, I have no problems :( Now to find out what in the heck it is. Since I see no debug output when connecting, it must still be some issue with security or firewall on the Vista machine. Funny thing is that I can start the standalone ftpd.exe and that runs. Zhu, Yan-Bo (TSG-GDCC-CD) wrote: Make sure you are not in debug mode and your application is breaking at a breakpoint. I am trying to embed the server in Glassfish. I am doing so by creating a Glassfish LifecycleListener and I start the server up when I receive the ready event. This seems to be working but I cannot connect to the server. I try and basically the connect just hangs. I am running this on Window's Vista and I have turned off the firewall. Netstat -a reports: Active Connections Proto Local Address Foreign Address State TCP 0.0.0.0:21 brett-home:0 LISTENING So it seems like the server is up and running. I also made sure that I did not have anything running on port 21 to begin with. My Glassfish log looks like: WEB0712: Starting Sun-Java-System/Application-Server HTTP/1.1 on 8181 WEB0712: Starting Sun-Java-System/Application-Server HTTP/1.1 on 4848 SMGT0007: Self Management Rules service is enabled [ INFO] 2009-11-10 21:05:32,534 [] [] FTP server started onReady called Application server startup complete. So from that it looks like I the server started up correctly. But I cannot connect to the server: C:\Users\brettftp localhost Connected to brett-home. This just hangs. I don't see anything in the Glassfish log either when I do this. It's as if it never reaches the code.
Re: Running FtpServer in plain FTP mode only or Explicit FTP mode only
Hello Matt, You can use a custom FTPLet for this. If you search the mailing list you will find this question asked several times ... For FTPES only: In your custom FTPLet you can hook onLoginStart - this is the beforeCommand when the command is USER- to make sure that channel is secured with (session.isSecure() ) For FTP only: never done this but you can hook beforeCommand of AUTH and forbid the attempt for authentication. In your FTPLet you would define some variable to specify if you want FTPES only, FTP only or normal mode. This variable can be populated from the Spring configuration file ... and that's all , I think. 2009/10/20 Matt Schulze matthew.schu...@onlinebankingsolutions.com: Hello, I would like to be able to set up an embedded FTP server in my Spring application, but restrict it to either Explicit FTP mode only (Accept no commands except AUTH/USER/PASS/PBSZ until the connection is secured) or normal FTP mode only (ignore any 'AUTH' commands). If no mode is restricted, the server should exhibit normal behavior. The current implementation of this behavior has some small changes to the FtpServer source to increase the visibility of some variables and methods and hooking into CommandFactory and CommandFactoryFactory. Is there a way to implement this behavior without modifying the current FtpServer source? - Matt -- Matthew Schulze
Re: implement a ftplet to limit the size of upload files
I think your code is OK except for a problem: - Restarting a failed transfer would mean that the user can safely ignore your limit. To solve this, you could take into account the skipLen value in order to prevent users from circumventing your limits. The pieces of code you didn't understand: -- First block: // 24-10-2007 - added check if PORT or PASV is issued, see //// https://issues.apache.org/jira/browse/FTPSERVER-110 This block checks if a PORT or PASV command was issued previously. In FTP, you must send a PORT or PASV command before any command that sends data (stor, retr, mlsd etc.). -- awaitUninterruptibly : it makes sure the 150 150_FILE_STATUS_OKAY command is sent before proceeding. --ServerFtpStatistics: this component keeps statistics of the FTPServer usage. If you don't know it, you probably don't need it. Still, I think your code doesn't break it in any way. 2009/10/21 Zhu, Yan-Bo (TSG-GDCC-CD) yanbo@hp.com: I'v figured out a implementation by copy the sourcecode in STOR.java to my Ftplet's onUpload method. The following the sourcecode ,pls notice the // at the start of some lines , Some changes are needed: 1, LocalizedFtpReply.translate()method is not usable in ftplet, 2, create a new FilterOutputStream object and pass it to transferFromClient to limit the size . When I test from a ftp client ,it seems like that the result is what I want . But I'm not sure there is no bug because I'm not fully understand the code I commented by //. Could someone give me some suggestions? Thanks. try { // get state variable long skipLen = session.getFileOffset(); // argument check String fileName = request.getArgument(); if (fileName == null) { session .write(new DefaultFtpReply( FtpReply.REPLY_501_SYNTAX_ERROR_IN_PARAMETERS_OR_ARGUMENTS, STOR REPLY_501_SYNTAX_ERROR_IN_PARAMETERS_OR_ARGUMENTS)); return FtpletResult.SKIP; } // // 24-10-2007 - added check if PORT or PASV is issued, see // // https://issues.apache.org/jira/browse/FTPSERVER-110 // DataConnectionFactory connFactory = session.getDataConnection(); // if (connFactory instanceof IODataConnectionFactory) { // InetAddress address = ((IODataConnectionFactory) connFactory) // .getInetAddress(); // if (address == null) { // session.write(new DefaultFtpReply( // FtpReply.REPLY_503_BAD_SEQUENCE_OF_COMMANDS, // PORT or PASV must be issued first)); // return; // } // } // get filename FtpFile file = null; try { file = session.getFileSystemView().getFile(fileName); } catch (Exception ex) { System.out.println(Exception getting file object+ ex); } if (file == null) { session.write(new DefaultFtpReply( FtpReply.REPLY_550_REQUESTED_ACTION_NOT_TAKEN, STOR.REPLY_550_REQUESTED_ACTION_NOT_TAKEN)); return FtpletResult.SKIP; } fileName = file.getAbsolutePath(); // get permission if (!file.isWritable()) { session.write(new DefaultFtpReply( FtpReply.REPLY_550_REQUESTED_ACTION_NOT_TAKEN, STOR.REPLY_550_REQUESTED_ACTION_NOT_TAKEN)); return FtpletResult.SKIP; } // get data connection session.write( new DefaultFtpReply( FtpReply.REPLY_150_FILE_STATUS_OKAY, STOR.REPLY_150_FILE_STATUS_OKAY)) // .awaitUninterruptibly(1) ; DataConnection dataConnection; try { dataConnection = session.getDataConnection().openConnection(); } catch (Exception e) { session.write(new DefaultFtpReply( FtpReply.REPLY_425_CANT_OPEN_DATA_CONNECTION, STOR.REPLY_425_CANT_OPEN_DATA_CONNECTION )); return FtpletResult.SKIP; } // transfer data boolean failure = false; OutputStream outStream = null; try { outStream = file.createOutputStream(skipLen); final int writelimit = 2048; long transSz = dataConnection.transferFromClient( session, new FilterOutputStream( outStream){ private int
Re: How to limit file upload and download to a set of directories.
I'm sure there are other solutions but this one works for us : You should create a custom FTPLet that intercepts the calls to STOR, STOU, APPE (the commands that signal a file upload) before they are issued. This is done implementing the beforeCommand() method of the FTPLet interface. In this beforeUpload() method you would check that the path to the file-to-be-created matches the /projects/project/media/upload/filename pattern and otherwise throw an error. Something like this: public FtpletResult beforeCommand(FtpSession session, FtpRequest request) throws FtpException, IOException { String command = request.getCommand().toUpperCase(); if (STOR.equals(command) || STOU.equals(command) || APPE.equals(command) ){ FileSystemView fsview = session.getFileSystemView(); FtpFile fObject = fsview.getFile(request.getArgument()); String absolutePath = fObject.getAbsolutePath(); if (!canUpload(absolutePath) ) { DefaultFtpReply ftpReply = new DefaultFtpReply(FtpReply.REPLY_550_REQUESTED_ACTION_NOT_TAKEN, Permission denied. The incoming directory is upload/); session.write(ftpReply); return FtpletResult.SKIP; } } return FtpletResult.DEFAULT; } Please note that I just wrote the code and I haven't compiled it. The canUpload method would check if the path is valid. If you needed the Absolute Path relative to the real file system and not FTPServer file system view, you can get the underlying File object with NativeFtpFile. 2009/10/21 John Wilkinson john_wilkin...@xyratex.com: Hi David, Yes, I think I would use FTPServer, as this would fit into my java web service. The file system would look like this: /projects/ProjName/MediaName/upload There would be many projName and MediaName directories. The upload dir would be a temp dir, created by the web service, created just so a user can upload a file. Once uploaded, the web service would take over, check the file MD5, and if OK, move it to the correct location, and delete the upload dir. So the FTP server just needs to limit uploads to /projects/*/*/upload, I guess, at least as a first stab. How do I make an FTPLet to do that? Me being very green on all this. Does this make any sense, or is there a better way? Many regards, John. -Original Message- From: David Latorre [mailto:dvl...@gmail.com] Sent: 21 October 2009 10:56 To: ftpserver-users@mina.apache.org Subject: Re: How to limit file upload and download to a set of directories. Hello John, Do you mean with Apache FTPServer? How would relate this upload directory to the user home root? Do you need to still have access to several other directories in the same tree? You could use a custom FTPLet for this (or even a filesystem implementation) but you'll have to figure out how to 'inform the FTPLet' of what the allowed directory is. 2009/10/21 John Wilkinson john_wilkin...@xyratex.com: Hi, In my web service I want the user to only be able to upload files to an upload directory, which is created on the fly in response to an upload request from the client. On receiving the upload request the web service makes a new directory called upload, and sends the URI back to the client. The client then is able to use this URI to upload files to that directory only. I need to be able to limit this access to only this directory. How do I do that? Many regards, John. __ This email may contain privileged or confidential information, which should only be used for the purpose for which it was sent by Xyratex. No further rights or licenses are granted to use such information. If you are not the intended recipient of this message, please notify the sender by return and delete it. You may not use, copy, disclose or rely on the information contained in it. Internet email is susceptible to data corruption, interception and unauthorised amendment for which Xyratex does not accept liability. While we have taken reasonable precautions to ensure that this email is free of viruses, Xyratex does not accept liability for the presence of any computer viruses in this email, nor for any losses caused as a result of viruses. Xyratex Technology Limited (03134912), Registered in England Wales, Registered Office, Langstone Road, Havant, Hampshire, PO9 1SA. The Xyratex group of companies also includes, Xyratex Ltd, registered in Bermuda, Xyratex International Inc, registered in California, Xyratex (Malaysia) Sdn Bhd registered in Malaysia, Xyratex Technology (Wuxi) Co Ltd registered in The People's Republic of China and Xyratex Japan Limited registered in Japan. __ __ This email may contain privileged or confidential information
Re: IODataConnection.getDataInputStream()
2009/10/13 Niklas Gustavsson nik...@protocol7.com: On Tue, Oct 13, 2009 at 6:21 AM, Charles Karow char...@karow.com wrote: I am using ftpserver to provide a standard way for people to upload files to a bucket on Amazon's S3 service. My users will always be uploading files in binary mode. I am using code from Amazon that takes an InputStream and uses it to stream the data to Amazon's servers. Amazon's code does not expose an OutputStream. transferFromClient takes an OutputStream and I do not have access to an OutputStream. Sounds like this could be solved by an adapter stream which gets written to by DataConnection and is read by S3. Or I might be missing something? This is I what I first thought but I think this might imply several risks in terms of performance, or the need to store the whole transferred file locally (be it in memory or disk). This is of course, if he cannot use PipedStreams. I may not be thinking correctly now but for a solution: - If you are using different threads for the FTP transfer and the transfer to Amazon I guess you could use PipedStreams with our current code (I haven't looked at it actually). - Otherwise, maybe someone on this list can tell us what their approach is. I think some of them are using S3. If no one comes up with a solution for this, i don't think we should dismiss the possibility of exposing the input stream, what do you think niklas?
Re: FtpServer hitting its limit?
I see Niklas and Sai are already helping you out but just in case ... Which version of Apache Ftpserver are you using? We had some issues with passive data transfers ( related to SSL connections). Are you using plain or SSL connections? As Niklas said, netstat -an report would be of much help. You can of course mask the ip-addresses if you want to keep private information private :-) Still, if you saw something like thousands of connections in fin_wait2 status - it is clear that there's a problem somewhere ( In this case, I think you just need to upgrade to latest version). Depending on your FtpServer version, upgrading the Sun jvm to 1.6.12+ version couldalso be a solution for you. 2009/10/8 a...@safe-mail.net: Hi. I have an issue with apache FtpServer. It's set to use passive mode, and it looks like all of the ports are being used, which stops any new connections from being connected and the whole ftp server just hangs. If you try to connect it just reaches time out. Here what I get after this happens, in the log: [ INFO] 2009-10-08 09:04:44,347 [] [65.75.250.58] CREATED [ INFO] 2009-10-08 09:04:44,753 [] [64.90.174.226] CREATED [ INFO] 2009-10-08 09:04:45,284 [] [72.89.239.125] CREATED [ INFO] 2009-10-08 09:04:45,909 [] [195.14.162.97] CREATED [ INFO] 2009-10-08 09:04:47,018 [] [85.225.141.116] CREATED [ INFO] 2009-10-08 09:04:47,909 [] [38.99.250.2] CREATED [ INFO] 2009-10-08 09:04:48,268 [] [114.111.139.57] CREATED [ INFO] 2009-10-08 09:04:48,972 [] [80.34.69.143] CREATED [ INFO] 2009-10-08 09:04:49,456 [] [111.67.83.18] CREATED [ INFO] 2009-10-08 09:04:49,472 [] [202.150.209.90] CREATED [ INFO] 2009-10-08 09:04:49,472 [] [118.243.143.178] CREATED [ INFO] 2009-10-08 09:04:49,550 [] [81.247.77.182] CREATED [ INFO] 2009-10-08 09:04:49,768 [] [220.236.247.154] CREATED [ INFO] 2009-10-08 09:04:50,347 [] [79.172.211.17] CREATED [ INFO] 2009-10-08 09:04:50,550 [] [174.133.32.49] CREATED [ INFO] 2009-10-08 09:04:50,565 [] [81.247.77.182] CREATED [ INFO] 2009-10-08 09:04:51,612 [] [75.127.87.129] CREATED And it's just keeps going on like that. I have about 1000 connections every 5 minutes which creates about 35gb of daily incoming traffic, so I think I'm hitting the limit of the apache FtpServer. How can I avoid it? Is there a workaround? Also, since only one connection is allowed per port, is there a way to virtually increase the number of ports to allow more simultaneous connections? Thanks.
Re: Failed to open passive data connection
This is strange . Our codebase has changed a lot since incubator and actually I'm not familiar with your version, but i'd say that support for port-reuse in passive mode was just recently added. Are you sure that your stress tests do actually use passive mode rather than active? I think Niklas has fixed several issues with passive connections, so he might be able to give you a diagnosis ... Otherwise I would ask for: - A log file in DEBUG mode ( Basically I'd like to see the ports and ips being used) - The configuration you're using ( port-range etc.) - I wonder if you keep the source code of the version you're using , or at least, can give us a specific version so we can try to get the sources. If i had to make a wild guess, taking into account you're using 100 servers! (I guess several of them are linux servers, right? not only the one which is failing ...) I'd suggest that you ran out of available socket descriptors or that the port FtpServer is trying to use for the data transfer is already in use. Anyway, there should be something going on there as there are quite a few connections in CLOSE_WAIT mode- i guess they aren't being closed properly. 2009/6/9 Gérard Frédéric frederic.ger...@atosorigin.com: Thanks Sai Arrrh I don't think it's the reason Stress benths have been done on several Os with this configuration, with many concurrent transfers, and there were no any problem Here we test only from on client, without concurrent transfers (so just one passive port is used once) More precisely, the server hangs after 2 issues, and a lsof shows none passive ports are in use We use ftpserver in more than 100 servers, we observe this only on a lfs 32bit linux server, jre5u9 (no ssl issue about it) Do you think it could an unstable behavior of a firewall ? Maybe these logs and lsof could help you : SERVER LSOF [r...@mmut01] /usr/local/aft/log]# lsof -p 22135 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME java 22135 root cwd DIR 104,3 4096 249675 /usr/local/aft java 22135 root rtd DIR 104,1 4096 2 / java 22135 root txt REG 104,3 64248 67715 /usr/java/jdk1.5.0_09/bin/exec/java java 22135 root mem REG 104,3 25000 67866 /usr/java/jdk1.5.0_09/jre/lib/i386/libnio.so java 22135 root mem REG 104,3 71732 67865 /usr/java/jdk1.5.0_09/jre/lib/i386/libnet.so java 22135 root mem REG 104,3 28694 249721 /usr/local/aft/lib/aft.jar java 22135 root mem REG 0,13 124724 2197211 /LOCAL/classes/jar/xerces/xml-apis-2.6.2.jar (dmz-data01:/vol/vol0/LOCAL_classes) java 22135 root mem REG 104,3 232168 249722 /usr/local/aft/lib/aftd.jar java 22135 root mem REG 104,3 300128 249723 /usr/local/aft/lib/backport-util-concurrent31.jar java 22135 root mem REG 104,3 79441 249724 /usr/local/aft/lib/ftp4che071gen15.jar java 22135 root mem REG 104,3 14119 249725 /usr/local/aft/lib/ftplet-aftd.jar java 22135 root mem REG 104,3 391834 249726 /usr/local/aft/lib/log4j-1.2.15gen15.jar java 22135 root mem REG 104,3 276847 249727 /usr/local/aft/lib/mina-core-1.0.8.jar java 22135 root mem REG 104,3 16094 249728 /usr/local/aft/lib/mina-filter-ssl-1.0.8.jar java 22135 root mem REG 104,3 15345 249729 /usr/local/aft/lib/slf4j-api-1.4.3gen15.jar java 22135 root mem REG 104,3 8601 249730 /usr/local/aft/lib/slf4j-log4j12-1.4.3gen15.jar java 22135 root mem REG 104,3 7991 249731 /usr/local/aft/lib/sysmm-1-1-0b1.jar java 22135 root mem REG 104,3 175811 67798 /usr/java/jdk1.5.0_09/jre/lib/ext/sunpkcs11.jar java 22135 root mem REG 104,3 158417 67797 /usr/java/jdk1.5.0_09/jre/lib/ext/sunjce_provider.jar java 22135 root mem REG 104,3 802388 67796 /usr/java/jdk1.5.0_09/jre/lib/ext/localedata.jar java 22135 root mem REG 104,3 8176 67795 /usr/java/jdk1.5.0_09/jre/lib/ext/dnsns.jar java 22135 root mem REG 104,3 1037385 67794 /usr/java/jdk1.5.0_09/jre/lib/ext/bcprov-jdk15-131.jar java 22135 root mem REG 104,3 8843542 67785 /usr/java/jdk1.5.0_09/jre/lib/charsets.jar java 22135 root mem REG 104,3 81946 67906 /usr/java/jdk1.5.0_09/jre/lib/jce.jar java 22135 root mem REG 104,3 542560 67907 /usr/java/jdk1.5.0_09/jre/lib/jsse.jar java 22135 root mem REG 104,3 39935094 67936 /usr/java/jdk1.5.0_09/jre/lib/rt.jar java 22135 root mem REG 0,13 27052 6111554 /LOCAL/classes/jar/jaxp/jaxp-api-1.2.jar (dmz-data01:/vol/vol0/LOCAL_classes) java 22135 root mem REG 0,13 1010675 2197212 /LOCAL/classes/jar/xerces/xercesImpl-2.6.2.jar
Re: Overriding XML configuration from system properties
Yeah it's a same that because of different issues none of them, PropertyPlaceholder nor PropertyOverriden will work :-S 2009/5/31 Niklas Gustavsson nik...@protocol7.com: On Sun, May 31, 2009 at 12:06 AM, Niklas Gustavsson nik...@protocol7.com wrote: On Fri, May 29, 2009 at 7:17 PM, Roger Marshall roger.marsh...@aetopia.com wrote: My first question is whether there is actually valid set of properties file entries that would work with the first version of ftpserver.xml (the one using the http://mina.apache.org/ftpserver/spring/v1 schema)? We do not currently support property based configuration (I personally find this a major gap since I'm a big user of property replacement with Spring). However, there is an issue reported (https://issues.apache.org/jira/browse/FTPSERVER-282) that we plan on fixing for 1.1. Not waiting for 1.1, I think your solution is the best available. I'm not very familiar with the problem your having so I do not have any more input than the excellent reply you already received from David. I should also have noted that you can used a .PropertyPlaceholderConfigurer in which case you can choose the property name yourself. However, as FTPSERVER-282 points out, if using our custom schema, you will not be able to use this for numeric values, instead you would have to use the standard Spring bean tags. /niklas
Re: STOR a temporary file
2009/5/13 Sai Pullabhotla sai.pullabho...@jmethods.com: No, client does not send the checksum to the server, instead it asks the server for the checksum of a file. The server calculates the checksum and returns it. The client would then compare the checksum to its own calculated checksum. See the link below for more information: http://cwiki.apache.org/FTPSERVER/draft-twine-ftpmd5-00.html I just want to point out that using ASCII mode to transfer files may result in checksum mismatch depending on the client and server platforms and the data being transferred. Sure, I forgot to mention that. This is one of the reasons why I deeply dislike ASCII mode and avoid it altogether . Sai Pullabhotla www.jMethods.com On Wed, May 13, 2009 at 8:21 AM, Dan d...@tipjarawards.com wrote: Could we get more information on using MD5 to ensure data integrity? Doesn't the client have to send the hash value at some point during the transfer, when would this be done? The way I would see it: 1. Calculate MD5 hash for the file 2. Upload the file When does the client send the MD5 hash to the server? Dan -Original Message- From: Niklas Gustavsson [mailto:nik...@protocol7.com] Sent: May-13-09 6:52 AM To: ftpserver-users@mina.apache.org Subject: Re: STOR a temporary file On Wed, May 13, 2009 at 12:44 PM, David Latorre dvl...@gmail.com wrote: If the client renamed the file itself when the upload finished, you'd be sure that it had been successfully written ( Besides, you can use MD5 checks for data integrity). This is the strategy I've always used when I have automated FTP transfers (eg. application to application integration). I highly recommend it. If the server you're using doesn't support the MD5 commands, you can at least check the file length from the client. /niklas
Re: STOR a temporary file
2009/5/13 Fred Moore fred.moor...@gmail.com: Hi David, in you previous post you stated: There's no way to know (at the server side) if the file has been transferred correctly. When the data connection is closed, the server thinks the file transfer finished correctly but this must not be the case. This is something of the utmost importance for FTP in general and FTP used in a business context in particular: can you expand a bit on that? There are several modes of operation in FTP, of those the only one that is always implemented (while the other ones hardly ever are) is STREAM mode. In this mode, the data is sent as an unstructured stream of bytes carrying no other information such as the End Of File. So , in this mode, it is considered that a file transfer has been completed when the data connection is closed. But, of course, it is possible that the connection be closed before the file sending has been complete. As an example, you can start uploading a file with Filezilla and then select : Stop and delete all ( I have a localized version, it should say something similar to that). The connection will be closed and then the FTPServer will think the file arrived correctly. If the client renamed the file itself when the upload finished, you'd be sure that it had been successfully written ( Besides, you can use MD5 checks for data integrity). Is this stemming from a limitation of the FTP wire-format as described in RFCs (e.g. no reliable file size provided by the client upfront)? If so: do you know of FTP clients that play ball with the server and severe the data connection is a way that surfaces as an error on the server (which can then use this condition as an indication of likely file truncation)? Cheers, F.
Re: STOR a temporary file
2009/5/12 massimiliano basilica massimiliano.basil...@yahoo.it: HI all, I'm using FTPServer 1.0.I need that the FTPServer stores a file with a temporary file extention and rename it with originally file name.The scenario is:The Client sends the file FirstFile.txt (put FirstFile.txt).The FTPServer must store it as FirstFile.txt.tmp. When the uploading is completed, the FTPServer must rename it as FirstFile.txt.All must be transparent to the Client, it can't use the command Hello massimiliano, I have implemented something like that and it's kinda working but see several potential problems: - There's no way to know (at the server side) if the file has been transferred correctly. When the data connection is closed, the server thinks the file transfer finished correctly but this must not be the case. Thus, the file could be renamed to it's final name even though the connection was aborted - you end up with an uncomplete file. - Currently the onUploadEnd ftplet method will be executed after the response to the client is sent. So if the file-rename fails the client wouldn't know that anything happened. If this is a problem for you (most likely) you should use your own STOR method. Otherwise, you can use onUploadStart() ftpLet method for the first rename and onUploadEnd for the final one. Since we had this implemented before the change in ftpets what I did is to provide my own STOR method which is an exact copy of Ftpserver's implementation but adding a call to the rename-to-.txt method in the Ftplet before the response is written to the session.
Re: Users and their permissions
2009/5/7 Simone Giannecchini simbo...@gmail.com: Ciao Sai, thanks for the feedback, but I am already doing that in my custom UserManager I load users from a db table and I create BaseUsers instances on the fly, setting the Home Directory correctly, however as I log in with one of my user the cwd is set to the root ftp dir. I check how the NativeFileSystem gets created and that seems to be the default behavior. I admit that I did investigate too much yet, so I might have made some other mistakes along the line. Any other suggestions? If you are using the NativeFileSystem implementation there's not even a place where you configure a rootDir, from NativeFileSystemView: String rootDir = user.getHomeDirectory(); So unless you're using a different Filesystem implementation I'd say you're good to go. Actually, you cannot configure a FTP root dir anywhere! Simone. --- Ing. Simone Giannecchini GeoSolutions S.A.S. Owner - Software Engineer Via Carignoni 51 55041 Camaiore (LU) Italy phone: +39 0584983027 fax: +39 0584983027 mob: +39 333 8128928 http://www.geo-solutions.it http://simboss.blogspot.com/ http://www.linkedin.com/in/simonegiannecchini --- On Thu, May 7, 2009 at 8:58 PM, Sai Pullabhotla sai.pullabho...@jmethods.com wrote: The BaseUser class has a home directory and users are restricted to that directory. So, all you have to do is set the home directory of the user to the appropriate directory. Sai Pullabhotla Phone: (402) 408-5753 Fax: (402) 408-6861 www.jMethods.com On Thu, May 7, 2009 at 12:58 PM, Simone Giannecchini simbo...@gmail.comwrote: Dear List, I am pretty new to the apache ftp server, but so far I can say that it look great. I am trying to wire it up within my own app. I already hooked up my own usermanager. My question now is, there is a simple way to limit user to their own home directory. I don't want users to be able to navigate to other user's home dirs. Thx, Simone. --- Ing. Simone Giannecchini GeoSolutions S.A.S. Owner - Software Engineer Via Carignoni 51 55041 Camaiore (LU) Italy phone: +39 0584983027 fax: +39 0584983027 mob: +39 333 8128928 http://www.geo-solutions.it http://simboss.blogspot.com/ http://www.linkedin.com/in/simonegiannecchini ---
Re: mulite language support for the name of the file been uploaded
2009/4/19 fayan li lifa...@gmail.com: Hi David Thanks for your reply. Strange enough, I use filezila too. And the upload success while I tried on another an ftpd server running on redhat. I see the log, seems the file upload is succed, but failed when trying to write the file out to disk on server side. May be it is caused by the windows 2008 server( Eng version). Can you include the portion of the log file related to your problem? Besides that, you can force UTF-8 mode in Filezilla client, i don't know if it will help, but it won't hurt. Does your windows 2008 server allow you to create the very same filename with the typical right click ... New file ...? I will try to find out. Regards, Ryan.
Re: mulite language support for the name of the file been uploaded
Hello li fayan, This issue has been discussed extensively before. Currently, as spec mandates, you need to use an UTF-8 compatible client in order to use chinese characters. We should provide an alternative mechanism for 'broken' client that do not support UTF-8 but meanwhile I use Filezilla and it works nicely. BTW, commons-ftp in case you're using it, does support UTF-8 2009/4/18 fayan li lifa...@gmail.com: Dear all I meet some error while trying to upload files which name contains chinese charactors. Is it a bug or i need some further config for the ftp server? Environment of my server is as following. server windows 2008(eng) jdk 1.6 intel x64 cpu Thanks in advance. Ryan (li fayan)
Re: Possible DefaultFtpStatistics Bug.
Uh, I meant, the null value is returned from IoSession.getRemoteAddress() 2009/4/14 David Latorre dvl...@gmail.com: It seems that the NPE is being thrown in ioSession.getRemoteAddress() right? 2009/4/14 Niklas Gustavsson nik...@protocol7.com: We should never throw NPEs so this is clearly a bug in FtpServer. Could you please open a JIRA issues with the stacktrace and further details (also the test case if possible)? /niklas 2009/4/14 Ulysess Lee 李宇光 uking...@gmail.com: Hi, When I write a Testcase to make a proformance test for Apache ftp server, and I only use ONE ftp account in many threads to upload different files, then after about 10 users loged in, it throws exception: [2009-04-14 09:30:52,973] [WARN ] DefaultFtpHandler [t...@bbapp.net] [125.88.130.8] - RequestHandler.service() java.lang.NullPointerException at java.util.concurrent.ConcurrentHashMap.get(ConcurrentHashMap.java:768) at org.apache.ftpserver.impl.DefaultFtpStatistics$UserLogins.loginsFromInetAddress(DefaultFtpStatistics.java:90) at org.apache.ftpserver.impl.DefaultFtpStatistics.getCurrentUserLoginNumber(DefaultFtpStatistics.java:259) at org.apache.ftpserver.command.impl.USER.execute(USER.java:152) at org.apache.ftpserver.impl.DefaultFtpHandler.messageReceived(DefaultFtpHandler.java:169) at org.apache.ftpserver.listener.nio.FtpHandlerAdapter.messageReceived(FtpHandlerAdapter.java:65) most likey a thread lock problem?
Re: Maximum login connections: 421
AKAIK, idleTime should not be a problem. It is true that ConcurrentLoginPermission() is not in our public API ( you can always get the source code though, with only the tests you'll learn a big deal about FtpServer) , the constructor is this: public ConcurrentLoginPermission(int maxConcurrentLogins, int maxConcurrentLoginsPerIP) { this.maxConcurrentLogins = maxConcurrentLogins; this.maxConcurrentLoginsPerIP = maxConcurrentLoginsPerIP; } So in your case you should haveauthorities.add(new ConcurrentLoginPermission(8, 4)); to limit the target user to 8 connections with 4 from the same IP adress. I still think you may need to check how many connections are actually established! Can you provide us with a 'new log file' in DEBUG mode reproducing your issue? 2009/4/3 Dan d...@tipjarawards.com: I set the concurrent logins as follows: ListAuthority authorities = new ArrayListAuthority(); authorities.add(new WritePermission()); authorities.add(new ConcurrentLoginPermission(4, 8)); authorities.add(new TransferRatePermission(0, 0)); setAuthorities(authorities); setMaxIdleTime(0); Is there a problem with the setMaxIdleTime? Otherwise I assume I am setting the logins to be a max of 4..or 8, I am not sure since my javadocs don't include ConcurrentLoginPermission info! Thanks, Dan -Original Message- From: David Latorre [mailto:dvl...@gmail.com] Sent: April-03-09 1:43 PM To: ftpserver-users@mina.apache.org Subject: Re: Maximum login connections: 421 Hello Dan, You also set maximum connections per user in the UserManager ... what value did you use in order to configure that? And when FTP Clients open several connections, they log you in for each of those connections ... until we have an equivalent to admingui which allowed us to monitor all the connections you can see if DEBUG log level will help you to find out what's your exact problem; otherwise you can use a ftplet that gets triggered before USER command or something like that :-) And, of course, you can debug the server 2009/4/3 Dan d...@tipjarawards.com: I agree, but the docs say Maximum Logins, not Maximum Connections. Hopefully there are just logins that aren't being closed properly over time, although I don't know how to find this out. There should be a way to get status on all logins from the manager, I'm going to keep looking. -Original Message- From: Steve Winter [mailto:st...@bluecrocodile.co.nz] Sent: April-03-09 11:09 AM To: ftpserver-users@mina.apache.org Subject: Re: Maximum login connections: 421 Hi Dan, I know that many ftp clients will open multiple simultaneous connections to a server, so it may be that there are 4 people logged in, each of them with 8 connections open, which may account for this...?? Just a random thought... Cheers Steve On 3 Apr 2009, at 15:05, Dan wrote: I am getting: WARNING: SENT: 421 Maximum login limit has been reached. I have set the connection configuration as follows: ConnectionConfigFactory connectionConfigFactory = new ConnectionConfigFactory(); connectionConfigFactory.setMaxLogins(32); The thing is there aren't even close to 32 people logged in right now, are there known bugs with having hanging connections etc. that could cause this? Any hints to help debug this in the future? Thanks, Dan
Re: How to set timeout?
2009/2/3 Mohit Anchlia mohitanch...@gmail.com Thanks ..so I made the change to set default-idle-time to 300 secs. And then logged in as a client, ftp server didn't timeout even after 5 mts of inactivity What did you set the timeout-poll-inverval to? When dit the timeout occur? On Tue, Feb 3, 2009 at 3:12 AM, David Latorre dvl...@gmail.com wrote: 2009/2/3 Ashish paliwalash...@gmail.com On Tue, Feb 3, 2009 at 2:38 PM, David Latorre dvl...@gmail.com wrote: Hello Mohit, My advice is to update to the latest version of FtpServer. A lot of improvements and bugfixes have been added since your version was released. From and old config file of mine i see this: config.connection-manager.default-idle-time=1000 config.connection-manager.timeout-poll-inverval=60 David, could you point me to the class where this handling is done. Is it in NioListener.java ? acceptor.getSessionConfig().setIdleTime(IdleStatus.BOTH_IDLE, getIdleTimeout()); In our current code base, yes (He's using an older version). Although you can set an idle-timeout in the user manager too. Have you ever tried to set timeout greater than 60 sec (6) assuming the settings are in ms? So far the way I have experimented with MINA, couldn't make this work for longer timeout, without a workaround. From Mina javadoc: Sets idle time for the specified type of idleness in seconds. I haven't really tested this though - and Im not very familiar with Mina itself. I should do some research on this. Let me know your thoughts. thanks ashish
Re: symbolic links
2009/2/4 Francis De Brabandere franci...@gmail.com what is the url for these wiki's? On Wed, Feb 4, 2009 at 9:29 AM, Ashish paliwalash...@gmail.com wrote: On Wed, Feb 4, 2009 at 1:50 PM, Niklas Gustavsson nik...@protocol7.com wrote: On Wed, Feb 4, 2009 at 9:11 AM, Ashish paliwalash...@gmail.com wrote: Will we worthwhile, adding this info to wiki :-) Agreed, feel free :-) can't write to Ftp Server wiki, but shall add an entry in Related projects that we have for MINA - ashish -- http://www.somatik.be Microsoft gives you windows, Linux gives you the whole house.
Re: Sent 421: Maximum login limit has been reached
Hello Dan, Max login per user are set using authorities, an example from DBUserManager: ListAuthority authorities = new ArrayListAuthority(); if (rs.getBoolean(ATTR_WRITE_PERM)) { authorities.add(new WritePermission()); } authorities.add(new ConcurrentLoginPermission(rs .getInt(ATTR_MAX_LOGIN_NUMBER), rs .getInt(ATTR_MAX_LOGIN_PER_IP))); authorities.add(new TransferRatePermission(rs .getInt(ATTR_MAX_DOWNLOAD_RATE), rs .getInt(ATTR_MAX_UPLOAD_RATE))); In this case you need ConcurrentLoginPermission but if users are going to upload files you also need WritePermission. 2009/2/2 Dan d...@tipjarawards.com Have looked around Niklas I only see: setMaxLogins(int) - Method in class org.apache.ftpserver.ConnectionConfigFactory Where is the call to set the max logins by user? I don't see any methods for UserManager etc. Thanks, Dan -Original Message- From: Niklas Gustavsson [mailto:nik...@protocol7.com] Sent: February-02-09 5:07 PM To: ftpserver-users@mina.apache.org Subject: Re: Sent 421: Maximum login limit has been reached On Mon, Feb 2, 2009 at 10:16 PM, Dan d...@tipjarawards.com wrote: I am getting 421 Maximum login limit has been reached. Logs. Is there a way to setup a maximum login limit per user? Can't see in the docs where this is documented. Yes, this can be set both for the entire server, and per user. For example, if you're using the file based user manager, you can find examples of such files (including this setting) in the distribution. You can also find the full documentation of the format in the Javadocs. Let us know if you need further help! /niklas
Re: Unix filesystem
As Niklas said I think you should extend AbstractUserManager (or just implement UserManager) Or are you using /etc/password for authentication and you want to extract the user information from a database? It doesn't sound very likely. If you are starting FTPServer programatically, you will use FTPServerFactory setUserManager method (the argument is the class you implemented) while if you're using the Spring facility, you have to use the user-amanger tag , e.g: user-manager beans:bean class=full-name-of-your-class beans:constructor-arg index=0 type=java.lang.String value=whateverArgumentYouMayNeed/ /beans:bean /user-manager 2009/1/20 Niklas Gustavsson nik...@protocol7.com On Tue, Jan 20, 2009 at 5:18 AM, Javi j...@valenciacf.org wrote: I want to modify DbUserManager in order to authenticate vs Linux password/shadow file, in order to create a custom authenticator how should I register my class? I would not recommend extending the DbUserManager in order to develop this user manager, instead have a look at extending AbstractUserManager. Are you looking into using JPam for this? Would you maybe be interested in donating such a solution back to the project? Additionally ftpd.sh runs as user root in order to have correct permissions to chown incoming files, and make the owner to the unix user who created them. Running a network server as root is never a good idea. I'm not sure how other FTP servers handle setting the correct ownership, but you could have a look at that. We do not support setting the owner of the files today, and before the JRE offers this, that is, when NIO2 ships. However I allways gets the files owned by the user running the Java process. Also when I display files they belong to user:group even if they are owned by other user: ftp ls 200 Command PORT okay. 150 File status okay; about to open data connection. dr-x-- 3 user group0 Jan 18 23:56 A dr-x-- 3 user group0 Jan 18 23:56 B dr-x-- 3 user group0 Jan 18 23:56 C 226 Closing data connection. Is possible to dislay files as real owner? hi /niklas
Re: Implicit SSL PROT level defaults to Clear
Hello Kevin, As you already said we are following the RFC here and -although I admit that makes little sense in these days- Sai is right that it is quite common to have only the control channel encrypted: I even saw a client (gFtp maybe?) that didn't support SSL for the data channel. And there are some servers with the same limitation. Sai's suggestions makes sense to me but It's possible to argue (let's wait for Niklas's opinion here) that having an option to force SSL mode would add little value to most users and core code would become a little more bloated. Right now you can get the DataChannel from the Session object in any FTPLet and ask if isSecure() (something like that, Im on holidays using a public computer :-) ) so you can implement a onBeforeCommand metod for PORT and PASSIVE in your FTPLet that let you continue only if your channel is secured. Currently I'm doing this myself, but just intercepting the STOR/STOU and RETR commands. Other people is doing the very same thing, so maybe the could send you an example. If i were you I wouldn't wait for an update only for this, although we of course will think about implementing this option. 2008/12/17 Sai Pullabhotla sai.pullabho...@jmethods.com There are cases where a client/server just want a secure channel on the control connection (encrypt user name and password), but not the data itself. I don't think it is a good idea to change the default, but it would be nice to add a new option to the dataConnection to force SSL. Sai Pullabhotla Phone: (402) 408-5753 Fax: (402) 408-6861 www.jMethods.com On Wed, Dec 17, 2008 at 1:20 PM, Kevin Conaway kevin.cona...@gmail.com wrote: I apologize for replying to myself but I have some more thoughts. To me, the implied part of implicit SSL means that at the application level, the user isn't aware that the FTP session is being conducted over SSL. Having to issue a PROT command to set the data protection level violates the spirit of that assumption. Perhaps this is just my limited imagination, but I'm having a hard time envisioning a scenario with implicit SSL where you would always want the control channel to be encrypted but not the data channel. Isn't that what explicit FTPS is for? I have a patch ready that will force the data channel to secure mode if the Listener is in implicit mode but I'm not sure of the implications of making that switch. Would it be permissible to at least have this available as a configuration option? Thanks On Tue, Dec 16, 2008 at 4:46 PM, Kevin Conaway kevin.cona...@gmail.com wrote: Although the definition of FTP with implicit SSL varies depending on who you ask, its my understanding that it means that the entire FTP session is conducted over TLS/SSL. If thats true, shouldn't the data channel default to the P or private setting? As of now, it defaults to clear (which is the specified behavior in RFC 2228). I have FTP clients that are connecting over implicit SSL without issuing the PROT command. When they go to transfer a file, FtpServer sets up a plain socket for the data channel instead of an SSL one and the transfer never completes. Would it be appropriate for the ServerDataConnectionFactory to have the secure property set to true by default if the session is using implicit SSL? Thanks Kevin Conaway
Re: Socket file descriptors leak leading to Too Many Files Opened using FTP/S on Linux?
Hey, Fred you should try the workaround proposed in security-dev: In JSSE, you can layer a SSLSocket over an existing Socket. That will avoid SSLServerSocket creating the dummy Socket that is eventually leaking the file descriptors. ServerSocket ss = new ServerSocket(port); Socket s = ss.accept(); sslssf.createSocket(s, s.getInetAddress().getHostName(), s.getPort(), false); and see if this solves your issue. The simplest thing I can think of is that you try the provided test case and then the proposed workaround. If this solves your issue, we might want to implement this as the standard mechanism to create SSLServerSockets as the JVM creates dummy sockets anyway. 2008/12/11 Niklas Gustavsson nik...@protocol7.com Hey That bug seems pretty much exactly describing your problem. Can I make some assumptions, please verify them: * You only get this when running in passive mode * You get the same problem doing a connect - STOR - disconnect * You get the same problem doing a connect - RETR - disconnect Also, and this is kind of important, your wrote in your first email that your listing returned an empty list. Is this always the case? Do you see the leak when returning a non-zero size list? Looking at the workaround, we could certainly attempt using it, but first I would like to replicate the problem so we'll know the workaround will work for us. I'm on: $ java -version java version 1.6.0_10 Java(TM) SE Runtime Environment (build 1.6.0_10-b33) Java HotSpot(TM) Server VM (build 11.0-b15, mixed mode) $ uname -a Linux niklas-laptop 2.6.27-9-generic #1 SMP Thu Nov 20 21:57:00 UTC 2008 i686 GNU/Linux So, I should be affected. Would you be able to share the client test script you got? /niklas On Thu, Dec 11, 2008 at 8:51 PM, Fred Moore fred.moor...@gmail.com wrote: Niklas, David, All, here is an update on the problem we reported... more to come as we complete some additional tests tomorrow any HELP is welcome! During the last few days we kept narrowing down the debug scenario in order to have a more precise idea of this blocking problem shape scope. Here are a few findings: 1\ KO on Linux with Sun HotSpot J2SE 1.5.0_12 or higher 2\ KO on Linux with Sun HotSpot J2SE 1.6.0_xx 3\ OK on Linux with Sun HotSpot J2SE 1.5.0_11 4\ KO on Windows with Sun HotSpot J2SE 1.5.0_15 or higher (procexplorer is showing a growing number of File \Device\Afd\Endpoint which eventually will hit the max number in Windows too) 5\ ?? on Windows with Sun HotSpot J2SE 1.5.0_11 (will test this tomorrow to ensure this JVM version is as safe on Windows as it is on Linux) The too many files open condition (or its Windows variant) is hit when we repeat a Connect, ListNames (NLST), Disconnect in a tight loop for about 1 hour, over FTP/S TLS/Explicit. Please notice that these other scenarios are OK: A\ Just connecting/disconnecting without issuing the NLST command B\ Using straight FTP connection The FTPServer codebase used for the test was M2-level with still some custom code (we had no time so far to setup a clean M4 env), but we still believe that the custom code is not related with the reported problem (and it's difficult to quickly evict it in our environment right now). We currently believe to have incurred in this JVM bug SSLServerSocket file descriptor leak: http://bugs.sun.com/view_bug.do?bug_id=6764972 : ---begin--- File descriptors of TCP sockets are not released properly when using SSLServerSocket class ( especially with many instances ) on Linux systems. If a server application ( like Jakarta Tomcat ) runs very long time, this problem will cause a 'too many open files' error and a denial of the service. ---end--- Given your very detailed knowledge of FTPServer source code and bug 6764972 description, do you think this might be the case? Can you suggest any patch / workaround for that? Any help at this stage is highly appreciated! Cheers, F. PS: speaking of workarounds this thread may/may not be relevant for the case at hand (look up leak layer keywords): http://www.nabble.com/-security-dev-00402-:-Re:-NullPointerException-at%09sun.security.ssl.OutputRecord.writeBuffer-td20492154.html
Re: Socket file descriptors leak leading to Too Many Files Opened using FTP/S on Linux?
Hello Randy, I am using FTPServer embedded in glassfish with two listeners (implicit ssl explicit ssl/plain - although we forbid plain connections) and we are not seeing this issue. Since it is two of you already reporting this problem can you please elaborate a little more on : - Operating sytem and architecture (we are using CentOS 5.1 and RedHat under Intel Xeon 64 bits) - Java version ( 1.6.10 64 bits here). - Any important modifications/additions to FTPServer? Besides it would be great if you could test your setup using implicit ssl instead of explicit, or only plain connections. Maybe it would help that your tests were based on a 'minimalistic' fresh copy of FTPServer, so we can trace this. 2008/12/9 Randy Prager [EMAIL PROTECTED] I think we are seeing something similar. We have 2 instances of FTPServer running, one embedded in tomcat and one in its own JVM. Both appear to hold onto socket descriptors (lsof reports can't iden protocol) ... eventually leading to too many open files. We are continuing to investigate to confirm it is an FTP server issue. This problem has only occurred recently and we suspect it is the result of a new pattern of client connections or connection type (we support both FTP and FTP-TLS). We are not sure why lsof would report the can't iden protocol as opposed to TCP ... Our environment is LINUX SLES-10 J2SE 1.6. Here is a sample config: listeners nio-listener name=default port= implicit-ssl=false idle-timeout=60 local-address=X ssl keystore file=classpath:X.jks password=X/ /ssl data-connection idle-timeout=60 active enabled=false local-address=X local-port=XX/ passive ports=X address=X external-address=/ /data-connection blacklist /blacklist /nio-listener /listeners - Randy On Tue, Dec 9, 2008 at 10:18 AM, Niklas Gustavsson [EMAIL PROTECTED] wrote: On Mon, Dec 8, 2008 at 8:32 PM, Fred Moore [EMAIL PROTECTED] wrote: on linux we noticed that a number of file descriptors associated with sockets are leaked when using FTP/S TLS/Explicit as we serve connect and disconnects (and -- possibly - LIST commands returning empty lists) eventually leading to a Too Many Files Opened condition as we hit th 1024 file descriptor limit in /proc. To make sure I understand you correctly: * Do you only see this when running in SSL/TLS explicit mode? If running without SSL/TLS or in implicit mode, do you get the same behavior? * You only see this when doing LIST? If you only do connect-disconnect, you don't get the problem? If doing a STOR or RETR, do you get the problem? * Do you only get the problem when returning an empty LIST? [snip] Has anyone seen this before? Not really no, but I haven't really pushed it on very specific cases like this. However, if we can nail it down to a repeatable test case, I'm willing to try debugging it. /niklas
Re: Active vs Passive performance
Steve, 1.5 and 1.6 JREs and Windows Vista have had several issues and I guess there are more to be fixed. (For instance, just this week I had to update to 1.6.0_7 in order to have Socket.getLocalAddress() return the correct IP address - it didn't in 1.6.0_6) I expected that 1.5.0_16 included all the available bugfixes. Otherwise, they'll have to release a new version, I hope that will be soon. Taking this into account, are you using Vista in your JRE 1.5 system or just in your development machine? A five second delay between the PORT command and the responde code is something much more people would have noticed and I think it didn't happen with my Linux server and JRE 1.5.0_15. So it is quite possible that it is a Vista-only issue; my advice is (in case your server is not a Vista machine) that you test this behaviour again in your target OS. As niklas said, probably there's little we can do here, but waiting for sun to fix these issues. Anyway let us know if you find a workaround! For data connections we are not using MINA but regular synchronous sockets so the code can be easily read or traced :) cheers, david 2008/11/7 Niklas Gustavsson [EMAIL PROTECTED] On Fri, Nov 7, 2008 at 4:16 PM, Steve Luebbe [EMAIL PROTECTED] wrote: Well I have good and bad news to report. The good news is that we found out why the active connection speed is slower. The bad news is that it relates to the version of JRE you are running. With 1.5.0_16 JRE: 1) Active connections are extremely slow 2) If you browse a remote site and keep changing directories over and over (ls) it will actually stop responding after 20+ commands or so. With JRE 1.6.0_07 everything seems to be working fine. Oh, that likely means that there might be limited ways for us to fix this, but we might find a workaround. Let's keep the bug report open and we'll see if we can reproduce the problem. /niklas
Re: Active vs Passive performance
Hello, This is a very odd behaviour indeed. Any way, we should congratulate ourselves that Apache FtpServer might perform as well as GlobalScape. Although it seems that globalscape can do much more things than us. How are you sending the files? It would be great if you could provide a test case (e.g., using commons net ftp) so other people can check this behaviour in their environment. David 2008/11/7 Erik Morton [EMAIL PROTECTED] I have observed similar results but I haven't tested it like this yet. On Nov 6, 2008, at 5:30 PM, Steve Luebbe [EMAIL PROTECTED] wrote: So, I've done a lot additional testing and here are the results. We currently have a GlobalScape FTP Server in our network up and running. I ran two transfers to it, each with 35 small files, one in active and one in passive mode. Both transfers took approx 3 seconds to complete. Then I took Apache FTPServer and installed it on the same machine and ran the same tests to it. Passive took 3 seconds and active took around 156 seconds. This test eliminates my theory that it's network or pc related. Below is a small clip from the log file during the active transfer that took a long time. [ INFO] 2008-11-06 12:19:32,828 [erick] [192.168.1.213] RECEIVED: PORT 192,168,1,213,194,107 [ INFO] 2008-11-06 12:19:32,828 [erick] [192.168.1.213] SENT: 200 Command PORT okay. [ INFO] 2008-11-06 12:19:32,828 [erick] [192.168.1.213] RECEIVED: STOR /PERFORMANCE/DB_CSV_FTP.XML [ INFO] 2008-11-06 12:19:37,328 [erick] [192.168.1.213] File upload : erick - /performance/db_csv_ftp.xml [ INFO] 2008-11-06 12:19:37,328 [erick] [192.168.1.213] SENT: 150 File status okay; about to open data connection. [ INFO] 2008-11-06 12:19:37,328 [erick] [192.168.1.213] SENT: 226 Transfer complete. As you can see there is a 5 second delay in there only during Active connections. If you need any additional information please let me know. Thanks in advance!! Steve Niklas Gustavsson wrote: On Wed, Nov 5, 2008 at 11:09 PM, Steve Luebbe [EMAIL PROTECTED] wrote: Has anyone noticed a difference in performance between FTPing in Active mode vs. Passive mode? I have two laptops on the same network: 1) Client - Windows Vista, firewall disabled, using FileZilla 2) Apache FTPServer - Windows XP, firewall disabled When FileZilla is set to passive it is relatively fast. When I switch it to active it is 2 times to 3 times slower. I've done quite a bit of research and playing around but I haven't been able to determine why. I'm hoping someone can shed some light on this for me... Do you see the same behavior with other clients? I can't see anything obvious in our code that would cause this but I don't have any numbers to back that we don't have a problem in this area. /niklas __ Information from ESET NOD32 Antivirus, version of virus signature database 3592 (20081106) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com
Re: Any real-world Evidence FtpServer can be run in Spring as part of a webapp, and still accept connections?
Since I'm no member of the development team and there're several posts stating that I'm deploying FtpServer on Glassfish v2u2 v2u1 (and have tested it on Apache Tomcat too) my word should be enough , I think. I have 4 copies of FtpServer running on 4 different machines and they are all started from a ContextListener. As I said, I tested my example both on Tomcat and Glassfish but I remarked that some versions of Glassfish Might fail to deploy the server correctly due to what it seems like a glassfish bug. So, did you try what I say? You just deploy to tomcat my example app with the xml config from my previous email regarding this topic. If it is working you'll already know that ftpserver is working correctly. Otherwise, post the actual xml config you used plus the log files (I think that my example just logged to console - so your application server log file ) that should indicate any problem that might exist. We're willing to help but you don't seem to pay much attention to our feedback. So, please, follow these steps so we can reach to a conclusion. If you (and I mean ' Brad and Phlogiston') just send complaints with no input on what your problem is, it is impossible you can make it work. I was tempted to send an example app which just called new FtpServer() start() so there was no need to tweak the xml file but I thought that using an XML file would be more useful. My fault probably. In your XML config, try first with absolute paths to your users.properties file or the keystore. But as I said, I suggest that you try first with no UserManager configured nor SSL. I sent you the body of the xml file so just substitute your current server/server with that one I provided. Cheers, David Latorre 2008/10/20 Phlogiston Eight [EMAIL PROTECTED] Is there any real-world evidence that FtpServer can be instantiated from a Spring XML config file, started, and then successfully accept client connections? I know that is the claim, but I need to know if there is any real world evidence of that. In other words; someone has tried it and it accepted FTP client connections, and allowed uploads/downloads, etc... I've gone through the archives, and so far, no one other than the development team have posted reports of any successful use of FtpServer deployed in a Web Container as a Spring app, using a Spring XML config file. I am not refuting its claim to work under those conditions--I simply am trying to establish what is known about FtpServer, empirically. Not what people claim it can do, but what independent developers have gotten it to do. Has anyone out there, unconnected to the dev team, independently deployed FtpServer as a Spring app, using a Spring XML config file/files--and been able to connect to it with an Ftp client, and upload/download etc...? The purpose of this post is to ask that question, in a search for evidence. I make no claims at this time about whether it does or does not. _ Store, manage and share up to 5GB with Windows Live SkyDrive. http://skydrive.live.com/welcome.aspx?provision=1?ocid=TXT_TAGLM_WL_skydrive_102008
Re: ContextListener Example NetBeans Project
Phlogiston, I've tested the example under windows with both tomcat and glassfish 2(v1 I think but I cannot tell you right now) with this simple configuration in ftpd-typical.xml: server xmlns=http://mina.apache.org/ftpserver/spring/v1; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation= http://mina.apache.org/ftpserver/spring/v1 http://mina.apache.org/ftpserver/ftpserver-1.0.xsd id=myServer listeners nio-listener name=default port=2121 /nio-listener /listeners /server This works for me with no tweaking at all, just right click on the project and select undeploy deploy. Can you try running with that config? Of course you won't be able to log in but you should be able to connect to port 2121. If it doesn't work please stop glassfish and try to deploy the app to Tomcat. There is a chance that there is a bug in latest Glassfish (v2ur2 ) running on windows for I've seen some problems similar to this one: https://issues.apache.org/jira/browse/DIRMINA-618?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel At the time I came across that issue, I thought I had to reinstall Glassfish or check for firewall issues. You may deactivate windows firewall for this test so we discard possible unrelated problems. So can you please run the example with that xml and check glassfish logs (netbeans' output tab) for some error related to NIO ? 2008/10/20 Phlogiston Eight [EMAIL PROTECTED] Thank you for posting that example of a servlet-context listener-based launcher for FTPServer within Spring. I appreciate it. One question: I imported it into NetBeans, and made the few necessary changes (substituting actual values for placeholders in properties, etc...). After that, your example NetBeans project builds and runs. It Does start FtpServer (does call its .start() method) when the webapplication is started in Glassfish. However, it no longer accepts any FTP connections at all. I cannot get any FTP client to successfully connect to it. So it can't be used. Maybe there is another step I need to do which wasn't in the post? That's what I'm hoping, because this example comes so close. The problem is not failed login, because the USER and the PASS commands never get issued to FTPServer. Instead, when the client, at the very first, tries to get a connection to talk to the Server, the Server times out. THe client waits and waits for a connection so it can send the USER command--but the connection is never granted by FTPServer. I already had an application which gave connections, allowed logins, uploads, downloads, all FTP operations. It all worked perfectly in mine--but there was one fundamental problem: it had to be kicked-off (the server started) by calling a main() method. A no-no for a deployed, Spring-based web application. In some cases, an impossibility. So my hope was that your post would solve that prob. It does solve that problem--but unfortunately, no client can connect any more. I've tested in SSL mode AND in basic, NON-SSL mode. Either way, the server always times out before returning a connection to the client. Do you know why this could be? Anyone else know? FtpServer Does start when the webapp starts--but it no longer functions (allows connections). _ Want to read Hotmail messages in Outlook? The Wordsmiths show you how. http://windowslive.com/connect/post/wedowindowslive.spaces.live.com-Blog-cns!20EE04FBC541789!167.entry?ocid=TXT_TAGLM_WL_hotmail_092008
Re: Any simple way to make Spring auto-call start() on FtpServer when it is registered using the server tags? Follow-up, Ralph Palmer: No--the XML config
Hello Brad, Actually Ralph's idea sounds great (why does it need to be a DisposableBean, Ralph? my knowledge of Spring is = null) and it start FtpServer automatically , no need to provide a Main class. He builds a web application with that single file and the changes stated in his mail (yeah, read it carefully! basically you need to add a bean definition in your Spring file pointing to the class he developed). Niklas I do think that using Spring lifecycle is better than a ContextListener. For example, with Spring it is very easy to deploy the whole thing as a resource adapter instead of a web-application . Spring v2 documentation states that this is useful when you need to deploy something to an application server where you would previously use an empty Web Applicaton. It seems like our use case here! By the way, I have provided a sample project in Jira. It uses a ContextListener to start FtpServer inside a web application. The ftpd-typical.xml file should be edited to configure the usermanager and provide the SSL keystore. After that you can build deploy the app!. 2008/10/15 Sisk, Brad [EMAIL PROTECTED] You wrote: Something like this worked for me: package my.ftp import org.apache.ftpserver.FtpServer; import org.springframework.beans.factory.DisposableBean; public class FtpWrapper implements DisposableBean { private FtpServer server; private FtpWrapper() { } public void setFTPServer(FtpServer server) { this.server = server; init(); } private void init() { try { server.start(); ...etc... I appreciate your suggestion, Ralph. But if I'm not mistaken, it looks like you've posted a solution for a standalone Java app-not the Spring approach to bean instantiation. For example, your solution directly instantiates FtpServer the way a main() method would-rather than using the Spring BeanFactory or ApplicationContext approach. As I originally posted, I already know how to launch FTPServer using Java. That's not what I'm asking about. My question was about how one does the same thing in a deployed Spring application. Spring. In Spring, you are not supposed to directly instantiate any object-but rather let Spring instantiate them by calling Spring's BeanFactory methods. However, for the BeanFactory instantiation to work, one has to have the proper XML configuration file written. THIS is the question I was asking: What is the XML I have to write to force Spring to automatically call FtpServer.start()? See, I need to know how to make SPRING call server.start()---using XML. I 'm not asking how to write a Java method call.
Re: FTPS List, assert secure data connection?
2008/10/16 Jeroen Cranendonk [EMAIL PROTECTED] Ahh, right! So my only problem is I'm working with old code :) Ok, cheers! :) Correct me anyone if I'm wrong but if you are using isSecure methods you are not using old code so probably onBeforeCommand is already present in your version. Did I misunderstand you? What version are you working with? In your case I would probably use onBeforeCommand for PORT and PASV. Cheers, David Latorre -Oorspronkelijk bericht- Van: Niklas Gustavsson [mailto:[EMAIL PROTECTED] Verzonden: Thursday, October 16, 2008 3:48 PM Aan: ftpserver-users@mina.apache.org Onderwerp: Re: FTPS List, assert secure data connection? On Thu, Oct 16, 2008 at 3:28 PM, Jeroen Cranendonk [EMAIL PROTECTED] wrote: We're using ftpserver as a ftps server over here :) I ran into a snag though, the customer demands all 'interesting' stuff is sent secure, so in onDownload() etc. we check if the -data- connection is secure. But there's no ftplet onList() for the 'LIST' command, altough LIST -does- use the data connection to send it's list. So I've got no hook to check if the data connection is secure before sending the list. Any ideas how to hack this in? My current desperate plan is to add a onList myself :) You now have onBeforeCommand and onAfterCommand callback methods in Ftplets so you can add checks to whatever method you like. /niklas ___ Help save paper! Do you really need to print this email? Aan de inhoud van dit bericht kunnen alleen rechten ten opzichte van Sdu Identification B.V. worden ontleend, indien zij door rechtsgeldig ondertekende stukken worden ondersteund. De informatie in dit e-mailbericht is van vertrouwelijke aard en alleen bedoeld voor gebruik door geadresseerde. Als u een bericht onbedoeld heeft ontvangen, wordt u verzocht de verzender hiervan in kennis te stellen en het bericht te vernietigen zonder te vermenigvuldigen of andersoortig te gebruiken. The contents of this electronic mail message are only binding upon Sdu Identification B.V., if the contents of the message are accompanied by a lawfully recognized type of signature. The contents of this electronic mail message are privileged and confidential and are intended only for use by the addressee. If you have received this electronic mail message by error, please notify the sender and delete the message without reproducing it and using it in any way.
Re: how to client
No, you'd use a regular FTP client to connect to the server.There're several Java implementations of a FtpClient you can use. The simplest case: if i'm not wrong you can use a 'ftp://' string in order to create an URL with Java standard classes which will effectively connect you to the specified ftpserver. Apache commons net ftp client is used in FtpServer client tests and it looks like a very good option(I'm using apache commons ftp myself in our custom client). 2008/10/14 micah [EMAIL PROTECTED] Are there any examples on writing a client to to use the server? thanks, micah
Re: how to client
2008/10/14 Andrea Francia [EMAIL PROTECTED] 2008/10/14 David Latorre [EMAIL PROTECTED]: No, you'd use a regular FTP client to connect to the server.There're several Java implementations of a FtpClient you can use. The simplest case: if i'm not wrong you can use a 'ftp://' string in order to create an URL with Java standard classes which will effectively connect you to the specified ftpserver. Apache commons net ftp client is used in FtpServer client tests and it looks like a very good option(I'm using apache commons ftp myself in our custom client). A thing that I really don't like about Apache commons net Ftp Client is that you should uses getReply() and FTPReply.isPositiveCompletion(reply) instead of exceptions to handle command failures. Yeah sure that's a pain. But I haven't tested any good alternatives to commons-net. Feel free to suggest any! What I really don't like about commons-net and makes it much less usable is that it seems i cannot override the ip address returned by PASV command so I can open a data socket to the IP that I connected to (that of the control channel) instead of the IP returned by PASV. If i remember correctly, most UI-based ftp clients can do that. -- Andrea Francia http://andreafrancia.blogspot.com/
Re: Setting Up Logging in FTP Server
Hello Phlogiston, I'm embedding FTPServer in a webapp with my log4j.properties in WEB-INF/classes and it is working perfectly. I don't know what can be your problem. By the way, if you're reading this Niklas, I was about to send my .war with FTPServer embedded when I noticed that if my listener config was wrong and the server didn't stop correctlyI had to restart the Application Server cause the port was already in use by the JVM even after undeploying the war. I didn't have time to check it last week but I guess the problem is that you're setting started=true after starting all the listeners. Even if I catch the Exception in FtpsServer.start() and I call stop, it won't stop anything as started hasn't been set. 2008/10/6 Phlogiston Eight [EMAIL PROTECTED] I have log4j.properties in the /classes subdir as usual, but for some reason, the webapp does not seem to be finding it. Logging is not working yet, no log files being written when the app is run. The FTPServer, itself is running and working fine. But it is not logging. We are running FTPServer embedded in our webapp. It is writing to System.out. that No appenders are set-up (Log4j). However, an appender IS defined properly in the log4j.properties file--which is inside WEB-INF/classes. I have used log4j on its own, for years, in web applications. For web applications, WEB-INF/classes is where you are supposed to put log4j.properties, to define the appenders. Where do I have to put log4j.properties within my project for FTPServer to successfullly find it? I'm looking for a specific direectory or URI. Thanks. _ Get more out of the Web. Learn 10 hidden secrets of Windows Live. http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns!550F681DAD532637!5295.entry?ocid=TXT_TAGLM_WL_domore_092008
Re: using SSL with FTPServer
Phlogiston, SSL configuration is explained at the docs. I guess you have to -at least- set the keystore file and the keystore password. FtpServer comes with a keystore file you can use for this. Otherwise, google for instructions on using keytool to generate a self-signed certificate. You don't need to enable implicit SSL, that's to use implicit ssl rather than explicit ssl. A client you can use to test the server and which supports both implicit explicit SSL is Filezilla. I don't know if the docs are correct when it is said that the 'data channel' is only encrypted in passive mode. I think last time I checked, the data channel was encrypted in active mode too. Can anybody confirm one of these two options? 2008/10/6 Phlogiston Eight [EMAIL PROTECTED] I see that FTPServer comes with support for SSL. If you want to start using it, what are the series of steps you must take to enable it? I know you would set isImplicitSSLEnabled = true, but what else must you do to set up FTPServer to use SSL? _ See how Windows connects the people, information, and fun that are part of your life. http://clk.atdmt.com/MRT/go/msnnkwxp1020093175mrt/direct/01/
Z mode in Java FTP Clients
Hello, I was wondering if any java ftps client libraries ( currently I'm using the latest commons net ftp version so I can use explicit SSL) support Z mode or I would have to compress/uncompress everything coming from the data channel.
Re: Problem getting the server working on MacOSX Leopard
There is a chance that is due to canWrite() returning false even if the directory is writable. There are several bug reports at http://bugs.sun.com/which complain about this fact (in most systems there isn't any syscall or function which will return this value correctly). Erik could you try this ? public static void main(String args[]) { File adminHome = new File(PATH_TO_RES_ADMIN); File aFile = null; if (!adminHome.canWrite()) { System.out.println(Problem found: canWrite returns false); try { aFile = File.createTempFile(prefix, sufix, adminHome); System.out.println(canWrite does not work as expected in your environment, it returned false but the file + aFile.getAbsolutePath() + was created); } catch (IOException e) { System.out.println(PATH_TO_RES_ADMIN + is actually non-writable hence the server response. Exception: ); e.printStackTrace(); } } else { try { aFile = File.createTempFile(prefix, sufix, adminHome); System.out.println(This is not a java.io.File bug, we need to check further.Created file was: + aFile.getAbsolutePath()); } catch (IOException e) { System.out.println(canWrite returns true but there was a problem trying to create the file. Exception: ); e.printStackTrace(); } } if (aFile != null) { aFile.deleteOnExit(); } } 2008/8/20 Erik Morton [EMAIL PROTECTED] Yes, silly typo. ./res/admin is a directory. I am able to get a file from ./res/admin, I just can't put a file there. On Aug 20, 2008, at 3:45 AM, Niklas Gustavsson wrote: Cool, you're the first case of using IPv6 with FtpServer that I've seen. On Tue, Aug 19, 2008 at 11:31 PM, Erik Morton [EMAIL PROTECTED] wrote: I created a file called ./res/admin, which is chmod 777 When you say file, do you really mean a directory? /niklas