From f5ac4c50761983189a5afbf6d1c5935a62770a50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Tue, 8 Jun 2021 10:50:07 +0200 Subject: [PATCH] Resolves: #1969322 - squid doesn't work with active ftp --- squid-5.0.6-active-ftp.patch | 127 +++++++++++++++++++++++++++++++++++ squid.spec | 8 ++- 2 files changed, 134 insertions(+), 1 deletion(-) create mode 100644 squid-5.0.6-active-ftp.patch diff --git a/squid-5.0.6-active-ftp.patch b/squid-5.0.6-active-ftp.patch new file mode 100644 index 0000000..9206da2 --- /dev/null +++ b/squid-5.0.6-active-ftp.patch @@ -0,0 +1,127 @@ +diff --git a/src/clients/FtpClient.cc b/src/clients/FtpClient.cc +index 747ed35..f2b7126 100644 +--- a/src/clients/FtpClient.cc ++++ b/src/clients/FtpClient.cc +@@ -795,7 +795,8 @@ Ftp::Client::connectDataChannel() + bool + Ftp::Client::openListenSocket() + { +- return false; ++ debugs(9, 3, HERE); ++ return false; + } + + /// creates a data channel Comm close callback +diff --git a/src/clients/FtpClient.h b/src/clients/FtpClient.h +index eb5ea1b..e92c007 100644 +--- a/src/clients/FtpClient.h ++++ b/src/clients/FtpClient.h +@@ -137,7 +137,7 @@ public: + bool sendPort(); + bool sendPassive(); + void connectDataChannel(); +- bool openListenSocket(); ++ virtual bool openListenSocket(); + void switchTimeoutToDataChannel(); + + CtrlChannel ctrl; ///< FTP control channel state +diff --git a/src/clients/FtpGateway.cc b/src/clients/FtpGateway.cc +index 05db817..2989cd2 100644 +--- a/src/clients/FtpGateway.cc ++++ b/src/clients/FtpGateway.cc +@@ -86,6 +86,13 @@ struct GatewayFlags { + class Gateway; + typedef void (StateMethod)(Ftp::Gateway *); + ++} // namespace FTP ++ ++static void ftpOpenListenSocket(Ftp::Gateway * ftpState, int fallback); ++ ++namespace Ftp ++{ ++ + /// FTP Gateway: An FTP client that takes an HTTP request with an ftp:// URI, + /// converts it into one or more FTP commands, and then + /// converts one or more FTP responses into the final HTTP response. +@@ -136,7 +143,11 @@ public: + + /// create a data channel acceptor and start listening. + void listenForDataChannel(const Comm::ConnectionPointer &conn); +- ++ virtual bool openListenSocket() { ++ debugs(9, 3, HERE); ++ ftpOpenListenSocket(this, 0); ++ return Comm::IsConnOpen(data.conn); ++ } + int checkAuth(const HttpHeader * req_hdr); + void checkUrlpath(); + void buildTitleUrl(); +@@ -1786,6 +1797,7 @@ ftpOpenListenSocket(Ftp::Gateway * ftpState, int fallback) + } + + ftpState->listenForDataChannel(temp); ++ ftpState->data.listenConn = temp; + } + + static void +@@ -1821,13 +1833,19 @@ ftpSendPORT(Ftp::Gateway * ftpState) + // pull out the internal IP address bytes to send in PORT command... + // source them from the listen_conn->local + ++ struct sockaddr_in addr; ++ socklen_t addrlen = sizeof(addr); ++ getsockname(ftpState->data.listenConn->fd, (struct sockaddr *) &addr, &addrlen); ++ unsigned char port_high = ntohs(addr.sin_port) >> 8; ++ unsigned char port_low = ntohs(addr.sin_port) & 0xff; ++ + struct addrinfo *AI = NULL; + ftpState->data.listenConn->local.getAddrInfo(AI, AF_INET); + unsigned char *addrptr = (unsigned char *) &((struct sockaddr_in*)AI->ai_addr)->sin_addr; +- unsigned char *portptr = (unsigned char *) &((struct sockaddr_in*)AI->ai_addr)->sin_port; ++ // unsigned char *portptr = (unsigned char *) &((struct sockaddr_in*)AI->ai_addr)->sin_port; + snprintf(cbuf, CTRL_BUFLEN, "PORT %d,%d,%d,%d,%d,%d\r\n", + addrptr[0], addrptr[1], addrptr[2], addrptr[3], +- portptr[0], portptr[1]); ++ port_high, port_low); + ftpState->writeCommand(cbuf); + ftpState->state = Ftp::Client::SENT_PORT; + +@@ -1880,14 +1898,27 @@ ftpSendEPRT(Ftp::Gateway * ftpState) + return; + } + ++ ++ unsigned int port; ++ struct sockaddr_storage addr; ++ socklen_t addrlen = sizeof(addr); ++ getsockname(ftpState->data.listenConn->fd, (struct sockaddr *) &addr, &addrlen); ++ if (addr.ss_family == AF_INET) { ++ struct sockaddr_in *addr4 = (struct sockaddr_in*) &addr; ++ port = ntohs( addr4->sin_port ); ++ } else { ++ struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &addr; ++ port = ntohs( addr6->sin6_port ); ++ } ++ + char buf[MAX_IPSTRLEN]; + + /* RFC 2428 defines EPRT as IPv6 equivalent to IPv4 PORT command. */ + /* Which can be used by EITHER protocol. */ +- snprintf(cbuf, CTRL_BUFLEN, "EPRT |%d|%s|%d|\r\n", ++ snprintf(cbuf, CTRL_BUFLEN, "EPRT |%d|%s|%u|\r\n", + ( ftpState->data.listenConn->local.isIPv6() ? 2 : 1 ), + ftpState->data.listenConn->local.toStr(buf,MAX_IPSTRLEN), +- ftpState->data.listenConn->local.port() ); ++ port); + + ftpState->writeCommand(cbuf); + ftpState->state = Ftp::Client::SENT_EPRT; +@@ -1906,7 +1937,7 @@ ftpReadEPRT(Ftp::Gateway * ftpState) + ftpSendPORT(ftpState); + return; + } +- ++ ftpState->ctrl.message = NULL; + ftpRestOrList(ftpState); + } + diff --git a/squid.spec b/squid.spec index d415e0d..fcbc234 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 5.0.6 -Release: 2%{?dist} +Release: 3%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -37,6 +37,8 @@ Patch204: squid-3.5.9-include-guards.patch Patch205: squid-5.0.5-symlink-lang-err.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1953505 Patch206: squid-5.0.6-openssl3.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1969322 +Patch207: squid-5.0.6-active-ftp.patch # cache_swap.sh Requires: bash gawk @@ -108,6 +110,7 @@ lookup program (dnsserver), a program for retrieving FTP data %patch204 -p0 -b .include-guards %patch205 -p1 -R -b .symlink-lang-err %patch206 -p1 -b .openssl3 +%patch207 -p1 -b .active-ftp # https://bugzilla.redhat.com/show_bug.cgi?id=1679526 # Patch in the vendor documentation and used different location for documentation @@ -342,6 +345,9 @@ fi %changelog +* Tue Jun 08 2021 Luboš Uhliarik - 7:5.0.6-3 +- Resolves: #1969322 - squid doesn't work with active ftp + * Mon May 17 2021 Lubos Uhliarik - 7:5.0.6-2 - Resolves: #1953505 - squid: Port to OpenSSL 3.0