- to appease the security freaks, ONLY clients that are ALREADY connected in the lobby are able to connect to the built in FTP server now

2025-08-16 13:23:59 +02:00 · 2011-01-07 06:21:23 +00:00
parent 02b7787b35
commit b30fe62528
10 changed files with 152 additions and 60 deletions
--- a/source/shared_lib/sources/feathery_ftp/ftpTargetWin32.c
+++ b/source/shared_lib/sources/feathery_ftp/ftpTargetWin32.c
@@ -15,8 +15,8 @@
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
-
-#ifdef WIN32
+
+#ifdef WIN32

 #include <windows.h>
 #include <stdio.h>
@@ -32,7 +32,7 @@
 #pragma comment(lib, "ws2_32")
 #pragma comment(lib, "MSWSOCK")

-ip_t ownIp;
+ip_t ownIp;

 LOCAL fd_set watchedSockets;
 LOCAL fd_set signaledSockets;
@@ -41,7 +41,7 @@ LOCAL int maxSockNr;
 void ftpArchInit()
 {
 	WSADATA wsaData;
-	ownIp = 0;
+	ownIp = 0;
 	maxSockNr = 0;
 	FD_ZERO(&watchedSockets);
 	WSAStartup(MAKEWORD(2, 0),&wsaData);
@@ -209,7 +209,8 @@ int ftpRemoveDir(const char* path)

 int ftpCloseSocket(socket_t s)
 {
-	return closesocket((SOCKET)s);
+	if(VERBOSE_MODE_ENABLED) printf("\nClosing socket: %d\n",s);
+    return closesocket((SOCKET)s);
 }

 int ftpSend(socket_t s, const void *data, int len)
@@ -257,8 +258,8 @@ socket_t ftpEstablishDataConnection(int passive, ip_t *ip, port_t *port, int ses
 		}
 		myAddr.sin_family      = AF_INET;
 		myAddr.sin_addr.s_addr = INADDR_ANY;
-		myAddr.sin_port        = htons(20);
-
+		myAddr.sin_port        = htons(20);
+
 		if(bind(dataSocket, (struct sockaddr *)&myAddr, sizeof(myAddr)))
 		{
 			closesocket(dataSocket);
@@ -274,19 +275,26 @@ socket_t ftpEstablishDataConnection(int passive, ip_t *ip, port_t *port, int ses
 		}
 	}
 	else
-	{
+	{
+	    int passivePort = ftpGetPassivePort() + sessionId;
+	    if(VERBOSE_MODE_ENABLED) printf("\nPASSIVE CONNECTION for sessionId = %d using port #: %d\n",sessionId,passivePort);
 		myAddr.sin_family = AF_INET;
 		myAddr.sin_addr.s_addr = INADDR_ANY;
-		//myAddr.sin_port = htons(0);
-		myAddr.sin_port = htons(ftpGetPassivePort() + sessionId);
-
-		setsockopt(dataSocket, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof(on));
+		myAddr.sin_port = htons(passivePort);
+		//myAddr.sin_port = htons(ftpGetPassivePort() + sessionId);
+
+		setsockopt(dataSocket, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof(on));

 		if(bind(dataSocket, (struct sockaddr *)&myAddr, sizeof(myAddr)))
 	    {
+			if(VERBOSE_MODE_ENABLED) printf("\nPASSIVE CONNECTION for sessionId = %d using port #: %d FAILED: %d\n",sessionId,passivePort,dataSocket);
+
 			closesocket(dataSocket);
 			return -1;
 	    }
+
+	    if(VERBOSE_MODE_ENABLED) printf("\nPASSIVE CONNECTION for sessionId = %d using port #: %d bound ok\n",sessionId,passivePort);
+
 	    len = sizeof(myAddr);
 		if(getsockname(dataSocket, (struct sockaddr *)&myAddr, &len))             // Port des Server-Sockets ermitteln
 	    {
@@ -297,12 +305,16 @@ socket_t ftpEstablishDataConnection(int passive, ip_t *ip, port_t *port, int ses
 		*port = ntohs(myAddr.sin_port);
 		*ip   = ownIp;

+        if(VERBOSE_MODE_ENABLED) printf("\nPASSIVE CONNECTION for sessionId = %d using port #: %d about to listen on port: %d using listener socket: %d\n",sessionId,passivePort,*port,dataSocket);
+
 	    if(listen(dataSocket, 1))
 	    {
+	        if(VERBOSE_MODE_ENABLED) printf("\nPASSIVE CONNECTION for sessionId = %d using port #: %d FAILED #2: %d\n",sessionId,passivePort,dataSocket);
+
 			closesocket(dataSocket);
 	        return -1;
-	    }
-
+	    }
+
   		//*port = ftpGetPassivePort();
 		//*ip   = ownIp;
        //dataSocket = ftpGetServerPassivePortListenSocket();
@@ -320,9 +332,21 @@ socket_t ftpAcceptDataConnection(socket_t listner)

 	dataSocket = accept(listner, (struct sockaddr *)&clientinfo, &len);
 	if(dataSocket < 0)
+	{
 		dataSocket = -1;
+	}

 	closesocket(listner); // Server-Socket wird nicht mehr gebrauch deshalb schließen
+
+    ip_t remoteIP = ntohl(clientinfo.sin_addr.s_addr);
+    if(ftpIsValidClient && ftpIsValidClient(remoteIP) == 0)
+    {
+if(VERBOSE_MODE_ENABLED) printf("Connection with %s is NOT a valid trusted client, dropping connection.\n", inet_ntoa(clientinfo.sin_addr));
+
+        close(dataSocket);
+        dataSocket = -1;
+    }
+
 	return (socket_t)dataSocket;
 }

@@ -341,8 +365,8 @@ socket_t ftpCreateServerSocket(int portNumber)
 	serverinfo.sin_addr.s_addr = INADDR_ANY;
 	serverinfo.sin_port = htons(portNumber);
 	len = sizeof(serverinfo);
-
-	setsockopt(theServer, SOL_SOCKET, SO_REUSEADDR, (char *)&val, sizeof(val));
+
+	setsockopt(theServer, SOL_SOCKET, SO_REUSEADDR, (char *)&val, sizeof(val));

 	if(bind(theServer, (struct sockaddr *)&serverinfo, len))
 	{
@@ -384,6 +408,14 @@ if(VERBOSE_MODE_ENABLED) printf("getsockname error\n");

 if(VERBOSE_MODE_ENABLED) printf("Connection with %s on Port %d accepted.\n", inet_ntoa(sockinfo.sin_addr), *remotePort);

+    if(ftpIsValidClient && ftpIsValidClient(*remoteIP) == 0)
+    {
+if(VERBOSE_MODE_ENABLED) printf("Connection with %s on Port %d is NOT a valid trusted client, dropping connection.\n", inet_ntoa(sockinfo.sin_addr), *remotePort);
+
+        close(clientSocket);
+        clientSocket = -1;
+    }
+
 	return clientSocket;
 }

@@ -420,4 +452,4 @@ int ftpSelect(int poll)
 		return select(maxSockNr+1, &signaledSockets, NULL, NULL, NULL);
 }

-#endif
+#endif