| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Although specs discourage it, ftps:// is generally accepted to mean
"implicit" TLS on a separate port (in the same style as HTTPS); some
servers still use this method and it's regaining popularity within IANA.
gvfs couldn't connect to such servers, as it only implemented "explicit"
TLS (STARTTLS) mode.
This patch implements "implicit" TLS mode and adds the 'ftpis' URI
scheme for it.
https://gitlab.gnome.org/GNOME/gvfs/issues/4
|
|
|
|
|
|
|
|
|
|
|
|
| |
When ftp is layered on top of TLS, it does a write-write-read which
causes a large amount of latency due to the combination of Nagle's
algorithm and delayed ACKs. Use TCP_NODELAY to disable Nagle's algorithm
and prevent this.
The flag is used for both secure and normal connections. This should
not cause any issues.
https://bugzilla.gnome.org/show_bug.cgi?id=526582
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement TLS support (aka explicit ftps). This is done by using a
different URL scheme, ftps, so that it is only used if explicitly
specified.
Although the protocol allows transparently upgrading a normal
connection to a secure one, there are several problems with this.
FEAT is needed to determine support for it but some servers do not allow
this before login. Some servers are configured to allow AUTH TLS but
have firewalls that block data connections because they can't inspect
the traffic. Servers may disallow TLS on the data connection, making it
unclear to the user how secure the connection is. Finally, there may be
verification errors which need to be presented to the user, and these
are unexpected because they did not choose to use ftps.
Making secure ftp opt-in as a separate URL scheme side-steps most of
these issues as well as ensuring there are no regressions for normal
ftp. When using ftps, we assume that the server implements AUTH TLS so
the connection is secured before login. It is also assumed that TLS for
data connections is allowed, so both control and data connection are
secure before any information is transferred.
Verification errors are presented during mounting. If the identity
changes on subsequent reconnections, the connection is aborted.
While presenting verification errors to the user in this way is perhaps
not the best way of handling security, it is fairly standard.
The implementation has been successfully tested on vsftpd, ProFTPD,
Pure-FTPd, IIS, and FileZilla Server.
Based on a patch by Benjamin Otte.
https://bugzilla.gnome.org/show_bug.cgi?id=526582
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is data waiting on an FTP connection and we didn't request it.
It's not ours and we have no way to clear it. Just makr this connection
as unusable.
Most likely this is the server notifying us about a timeout or other
connection abort, so it's a good idea to treat it as an error anyway.
Also includes a new debug message for when we mark a connection as
unusuable and why.
https://bugzilla.gnome.org/show_bug.cgi?id=591054
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updating the address of the FSF.
This has been done by:
while read file; do
sed -i 's:59 Temple Place:51 Franklin Street:' $file
sed -i 's:Suite 330:Fifth Floor:' $file
sed -i 's:02111-1307:02110-1301:' $file
done
https://bugzilla.gnome.org/show_bug.cgi?id=656598
Signed-off-by: Tomas Bzatek <tbzatek@redhat.com>
|
|
|
|
| |
https://bugzilla.gnome.org/show_bug.cgi?id=659815
|
|
|
|
| |
https://bugzilla.gnome.org/show_bug.cgi?id=641856
|
|
|
|
|
| |
Closing the data condition works unconditionally, the close function
checks itself.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a waiting_for_reply boolean flag to the connection. Set it when
sending a request to the server, clear it after receiving a reply.
When trying to push the connection into the connection pool, only allow
that when it is not waiting for a reply.
This way we fix the case where the task was cancelled while waiting for
the reply. It would then ignore the reply and happily push the connection
with the pending reply back into the pool, leaving the next one to use
it with a stale reply. You can imagine the hilarity that happened from
this.
Also, g_return_if_fail() if trying to send a command when waiting for a
reply or when trying to receive a command while not waiting.
If it turns out I overlooked a valid case where this can happen, we
need to remove those checks. So far I didn't find any.
|
|
|
|
|
| |
Enable keepalive on the command connection. See the comment in the
source code or the bug report for a detailed explanation.
|
|
|
|
| |
g_socket_accept got a new cancellable argument
|
|
|
|
|
| |
Add initial support for the PORT command. Support for EPRT and a
non-ugly API are still missing.
|
|
|
|
|
| |
use get_data_stream() instead and call read/write on that manually.
Reduces the number of API.
|
|
|
|
| |
Add a separate function for requesting the debug id
|
|
|
|
|
| |
- replace tabs with 8 spaces
- remove spaces at end of line
|
|
|
|
|
| |
- print LIST replies again
- make connections have a debug id and use it for debugging prints
|
|
|
|
|
|
| |
The cache handling has been split into a separate file and structure
now. While the API still isn't perfect, it's much clearer than before.
It's also faster when looking up lots of symlinks.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
split out the old FtpConnection struct into a separate GVfsFtpTask
structure that acts as a one-stop solution to vfuncs. It keeps track of
all important structures:
- the backend
- the current job
- the potential connection to the server
- the error state
during the lifetime of a backend vfunc and supplies convenience
functions to ease implementing these vfuncs. The API of gvfsftptask.h is
documented.
|
|
the current FtpConnection object is not flexible enough. It is doing too
many things at once, namely:
1) handling a physical connection to the ftp server
2) handling a GVfsJob's lifetime
Also, the file gvfsbackendftp.c is too big, counting >2000 lines.
This is the first step in an attempt to separate these two things. It
splits out the physical connection into different files and makes the
old FtpConnection code use this instead.
A side effect of this is that it includes a change so that reading lines
is now done with a GDataInputStream instead of manually, as suggested by
Alex.
|