FTPS and vsftpd 2.2

[eyebex]

BTW, it seems as if vsftpd 2.2.0 re-introduces the broken behavior of versions <= 2.0.6.

[botg]

2.2 works fine for me.

[eyebex]

Strange, for me it breaks both FZ and SmartFTP. Reverting to vsftpd 2.1.2 fixes it. As far as encryption-related settings are concerned, I'm using:

force_local_data_ssl=NO
require_ssl_reuse=NO
ssl_enable=YES

[botg]

More information please. Used operating system? Used SSL library? Self-compiled vsftpd or some binary package? In the latter case, which patches (if any) are applied to vsftpd compared to the original source?

[eyebex]

I'm on Gentoo Linux, x86, so vsftpd is self-compiled and linked against dev-libs/openssl-0.9.8k. For the patches, see the ebuild file at http://gentoo-portage.com/AJAX/Ebuild/94063/View. I think there are just three directory layout related (or similar) patches, nothing serious. But I believe it's a vsftpd issue, not an FZ issue.

[botg]

I've got vsftpd compiled using exactly the same ebuild, works fine.

What are your CFLAGS?

[eyebex]

Here's my build info:

Code: Select all

CHOST="i586-pc-linux-gnu"
CFLAGS="-march=i686 -mmmx -msse -msse2 -Os -pipe -fomit-frame-pointer"
CXXFLAGS="${CFLAGS}"
LDFLAGS="-Wl,-O1"
MAKEOPTS="-j2"

USE flags for vsftpd:

Code: Select all

USE="pam ssl tcpd -caps (-selinux) -xinetd"

Here's what FZ 3.2.7.1 gives me:

Code: Select all

Status:	Auflösen der IP-Adresse für eyebex.is-a-geek.org
Status:	Verbinde mit <IP>:<Port>...
Status:	Verbindung hergestellt, warte auf Willkommensnachricht...
Antwort:	220 (vsFTPd 2.2.0)
Befehl:	AUTH TLS
Antwort:	234 Proceed with negotiation.
Status:	Initialisiere TLS...
Status:	Überprüfe Zertifikat...
Befehl:	USER <name>
Status:	TLS/SSL-Verbindung hergestellt.
Antwort:	331 Please specify the password.
Befehl:	PASS *************
Antwort:	230 Login successful.
Befehl:	SYST
Antwort:	215 UNIX Type: L8
Befehl:	FEAT
Antwort:	211-Features:
Antwort:	 AUTH SSL
Antwort:	 AUTH TLS
Antwort:	 EPRT
Antwort:	 EPSV
Antwort:	 MDTM
Antwort:	 PASV
Antwort:	 PBSZ
Antwort:	 PROT
Antwort:	 REST STREAM
Antwort:	 SIZE
Antwort:	 TVFS
Antwort:	 UTF8
Antwort:	211 End
Befehl:	OPTS UTF8 ON
Antwort:	200 Always in UTF8 mode.
Befehl:	PBSZ 0
Antwort:	200 PBSZ set to 0.
Befehl:	PROT P
Antwort:	200 PROT now Private.
Status:	Verbunden
Status:	Empfange Verzeichnisinhalt...
Befehl:	PWD
Antwort:	257 "/"
Befehl:	TYPE I
Antwort:	200 Switching to Binary mode.
Befehl:	PASV
Fehler:	Verbindung zum Server getrennt: ECONNABORTED - Connection aborted
Fehler:	Verzeichnisinhalt konnte nicht empfangen werden

Here's what vsftpd.log on the server side says:

Code: Select all

Sun Aug 30 12:04:47 2009 [pid 7293] CONNECT: Client "<IP>"
Sun Aug 30 12:04:47 2009 [pid 7293] FTP response: Client "<IP>", "220 (vsFTPd 2.2.0)"
Sun Aug 30 12:04:47 2009 [pid 7293] FTP command: Client "<IP>", "AUTH TLS"
Sun Aug 30 12:04:47 2009 [pid 7293] FTP response: Client "<IP>", "234 Proceed with negotiation."
Sun Aug 30 12:04:47 2009 [pid 7293] DEBUG: Client "<IP>", "SSL version: TLSv1/SSLv3, SSL cipher: DES-CBC3-SHA, not reused, no cert"
Sun Aug 30 12:04:47 2009 [pid 7293] FTP command: Client "<IP>", "USER <name>"
Sun Aug 30 12:04:47 2009 [pid 7293] [user] FTP response: Client "<IP>", "331 Please specify the password."
Sun Aug 30 12:04:48 2009 [pid 7293] [user] FTP command: Client "<IP>", "PASS <password>"
Sun Aug 30 12:04:48 2009 [pid 7292] [user] OK LOGIN: Client "<IP>"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "230 Login successful."
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP command: Client "<IP>", "SYST"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "215 UNIX Type: L8"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP command: Client "<IP>", "FEAT"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "211-Features:"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " AUTH SSL??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " AUTH TLS??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " EPRT??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " EPSV??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " MDTM??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " PASV??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " PBSZ??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " PROT??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " REST STREAM??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " SIZE??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " TVFS??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " UTF8??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "211 End"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP command: Client "<IP>", "OPTS UTF8 ON"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "200 Always in UTF8 mode."
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP command: Client "<IP>", "PBSZ 0"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "200 PBSZ set to 0."
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP command: Client "<IP>", "PROT P"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "200 PROT now Private."
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP command: Client "<IP>", "PWD"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "257 "/""
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP command: Client "<IP>", "TYPE I"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "200 Switching to Binary mode."
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP command: Client "<IP>", "PASV"

(Yes, it stops right here, no error message in the log.)

[botg]

So an entirely different problem. Moved you into a new thread.

[eyebex]

OK, sorry, I misread the error message in http://forum.filezilla-project.org/view ... f=2&t=7688 to be the same as mine. Do you want me to do more tests? If not, I'll revert to vsftpd 2.1.2 again and just be happy for now.

[botg]

Please post your complete vsftpd.conf

Which kernel are you using?

[eyebex]

Here you go:

Code: Select all

anonymous_enable=NO
ascii_upload_enable=YES
chmod_enable=NO
chroot_local_user=YES
connect_from_port_20=YES
force_local_data_ssl=NO
guest_enable=NO
hide_ids=YES
listen=YES
local_enable=YES
ls_recurse_enable=YES
pasv_promiscuous=YES
port_promiscuous=YES
require_ssl_reuse=NO
setproctitle_enable=YES
ssl_enable=YES
text_userdb_names=YES
use_localtime=YES
write_enable=YES
xferlog_enable=YES

file_open_mode=0660
listen_port=2111
local_umask=0007
max_clients=6
max_per_ip=3
pasv_min_port=2130
pasv_max_port=2190

local_root=/mnt/ftp
pasv_address=host.dyndns.org
rsa_cert_file=/etc/vsftpd/vsftpd.pem
pasv_addr_resolve=YES
user_config_dir=/etc/vsftpd/user
debug_ssl=yes
log_ftp_protocol=yes
xferlog_enable=yes

[botg]

Which kernel are you using?

[eyebex]

Sorry, it seems I'm not reading posts very thoroughly these days

Code: Select all

udat ~ # uname -a
Linux udat 2.6.27-gentoo-r10 #1 SMP Wed Apr 15 00:41:45 CEST 2009 i686 VIA Esther processor 1200MHz CentaurHauls GNU/Linux

You can get my kernel config here: http://threekings.tk/tmp/config.gz

[botg]

Bit old. Latest vsftpd used a relatively new feature (clone() with CLONE_NEWNET flag) that might not work correctly in 2.6.27, please try 2.6.30.x

[eyebex]

Same problem with kernel 2.6.30:

Code: Select all

udat src # uname -a
Linux udat 2.6.30-gentoo-r5 #1 SMP Sun Aug 30 17:15:48 CEST 2009 i686 VIA Esther processor 1200MHz CentaurHauls GNU/Linux