andrewarrow / paradise_ftp Goto Github PK

paradise_ftp is a powerful, 100% native (golang) ftp server that is production ready.

License: MIT License

Go 100.00%

paradise_ftp's Introduction

paradise_ftp

paradise_ftp is a powerful, 100% native (golang) ftp server that is production ready.

It can handle 1000's of connections and 1000's of files flying back and forward sideways under and through. It does not run out of file descriptors. It does not forget to close any socket connection or socket listener. Ahem hem, cough cough, looking at you https://github.com/goftp/server.

FYI FTP is a big protocol and I only implemented the stuff I needed. Stuff that's here:

passive socket connections (not active ones)
uploading files (not downloading)
directory listing
user authentication (soon to suppport Bitium API https://developer.bitium.com)
Both EPSV and PASV commands
uploads large files without reading entire file into memory
uploads read first 512 bytes of file first into bufffer to check mime type
graceful restarts by sending kill -USR2 pid
There is a good fork here https://github.com/fclairamb/ftpserver with even more stuff!

Sample Run:

$ ftp ftp://auser:[email protected]:2121
Connected to 127.0.0.1.
220 Welcome to Paradise
331 User name ok, password required
230 Password ok, continue
Remote system type is UNIX.
Using binary mode to transfer files.
200 Type set to binary

ftp> dir
229 Entering Extended Passive Mode (|||55729|)
150 Opening ASCII mode data connection for file list
-rw-r--r-- 1 paradise ftp        13984 Mar 12 11:51 paradise.txt
-rw-r--r-- 1 paradise ftp        13984 Mar 12 11:51 paradise.txt
-rw-r--r-- 1 paradise ftp        13984 Mar 12 11:51 paradise.txt
-rw-r--r-- 1 paradise ftp        13984 Mar 12 11:51 paradise.txt
-rw-r--r-- 1 paradise ftp        13984 Mar 12 11:51 paradise.txt

226 Closing data connection, sent bytes
ftp> put file_driver.go 
local: file_driver.go remote: file_driver.go
229 Entering Extended Passive Mode (|||55732|)
150 Data transfer starting
100% |**********************************************************************|  4624        8.89 MiB/s    00:00 ETA
226 OK, received some bytes
4624 bytes sent in 00:00 (981.44 KiB/s)
ftp>

Server Output:

$ ./paradise 
listening on:  localhost:2121
Got client on:  127.0.0.1:55728

Web Monitoring Output:

2 client(s), 6 passive(s), Up for 00:00:29
   41949e 00:00:20, user1
     0fbeb0 00:00:08, 59119 LIST 
     7dcdf7 00:00:04, 59441 EPSV 
   2d3beb 00:00:13, user2
     dc6776 00:00:13, 58859 LIST 
     2772a8 00:00:10, 58989 STOR hello.txt

paradise_ftp's People

Contributors

Stargazers

Watchers

Forkers

17twenty jmptrader buddhamagnet soffokl lakshmichandrakala dankerns shanmoorthy egbertchang ssor zeropool apanoo cloudxtreme yhtsnda priestd09 puper introspection3 xiejiulong

paradise_ftp's Issues

Can you add setting api?

Configure settings by function api, don't need conf .toml file.

Thank you, great job.

Set default port to 21

Name or service unknown

ftp: localhost:5010: Name or service not known

Is 5010 the port used?

I found this port in server.go and not :2121 as given in README.

Crash when telnet + LIST (dos vulnerability)

When connecting via telnet to the FTP and just typing "LIST" the FTP code will crash (panic).

To fix it add checks here:

1. In server.go
func (p *Paradise) lastPassive() *Passive {
    passive := p.passives[p.lastPassCid]
    if passive == nil {
        return nil
    }

2. uploader.go
func (p *Paradise) HandleStore() {
    passive := p.lastPassive()
    if passive == nil {
        return
    }

3. directory.go
func (p *Paradise) HandleList() {
    passive := p.lastPassive()
    if passive == nil {
        return
    }

Major security bug

https://github.com/andrewarrow/paradise_ftp/blob/master/server/auth.go

Line 13: You are NOT terminating the connection, it stays alive. An attacker can supply any user/pass combination and remain logged in and run operations like LIST or STOR.
This can be exploited simply by using the Windows command line tool "ftp" which does not close the connection if the server responds 530.

To fix it, add this code there:

        p.theConnection.Close()
        delete(ConnectionMap, p.cid)

Licence ?

Hi,

Thank you very much for your work. I couldn't find any other go library that would at least work on modern systems.

I made a fork ( https://github.com/fclairamb/ftpserver ) and I just realised you didn't put a licence on it.

Could you add one ? I don't have any particular preference.

how handle authorization

Hi, I can't found in the doc how login with credentials, please let me know how do it, thanks!!.

Cannot install with go get on Windows

> go get github.com/andrewarrow/paradise_ftp
# github.com/andrewarrow/paradise_ftp/server
<snip>...\Go\src\github.com\andrewarrow\paradise_ftp\server\starter.go:27: undefined: syscall.SIGUSR2
<snip>...\Go\src\github.com\andrewarrow\paradise_ftp\server\starter.go:35: undefined: syscall.SIGUSR2
<snip>...\Go\src\github.com\andrewarrow\paradise_ftp\server\starter.go:77: undefined: syscall.Kill

Could not install with go get

I could not install the package with the standard $ go get github.com/andrewarrow/paradise_ftp.

Does put really works

Thanks for creating this project. I am trying it out. However I can not see those files in target location.

ftp> put project.json /Users/v676770/ftplocation/
local: project.json remote: /Users/v676770/ftplocation/
229 Entering Extended Passive Mode (|||61460|)
150 Data transfer starting
100% |****************************************************************************************************************************************************| 13 528.97 KiB/s 00:00 ETA
226 OK, received some bytes
13 bytes sent in 00:00 (5.65 KiB/s