feat: Add support for active mode

timo-reymann · timo-reymann · commit b086bc2595ae · 2024-07-21T09:19:47.000+02:00
diff --git a/README.md b/README.md
@@ -49,14 +49,16 @@ services:
     # If NO_USER_FTP_POSTFIX is set, USER_FTP_POSTFIX is disabled and the user home directory is exposed over ftp
     # - USER_FTP_POSTFIX=/data
     # - NO_USER_FTP_POSTFIX=true
-
-    # - PUBLIC_HOST=custom-host.domain.tld # optional and only used for passive ftp, defaults to localhost
+  
+    # optional and only used for passive ftp, defaults to 127.0.0.1
+    # - PUBLIC_HOST=custom-host.domain.tld 
     ports:
-      # active ftp
+      # ftp control
       - "21:21"
-      # passive ftp ports, may differ if you configured them differently
+      # active ftp
+      - "20:20"
+      # passive ftp ports, may differ if you configured them differently with PASSIVE_MIN_PORT_*
       - "10090-10100:10090-10100"
-
       # sftp
       - "2022:2022"
     volumes:
@@ -87,25 +89,27 @@ Both can be used together, so you can use env vars and/or file-based user creati
 
 You can further configure the ftp server using the following environment variables:
 
-| Variable            | Usage                                                       |
-|:--------------------|:------------------------------------------------------------|
-| PASSIVE_MIN_PORT    | Minimum used passive port                                   |
-| PASSIVE_MAX_PORT    | Maximum used passive port                                   |
-| PUBLIC_HOST         | Public host                                                 |
-| UMASK               | customize the ftp umask (default 022 => chmod 777)          |
-| USER_FTP_POSTFIX    | Override the path exposed over ftp, defaults to /data       |
-| NO_USER_FTP_POSTFIX | Disable USER_FTP_POSTFIX, ftp access to user home directory |
+| Variable             | Default   | Usage                                                                                 |
+|:---------------------|:----------|:--------------------------------------------------------------------------------------|
+| PASSIVE_MODE_ENABLED | yes       | Set to `yes` to enable and to `no`to disable passive mode support                     |
+| PASSIVE_MIN_PORT     | 10090     | Minimum used passive port                                                             |
+| PASSIVE_MAX_PORT     | 10100     | Maximum used passive port                                                             |
+| ACTIVE_MODE_ENABLED  | yes       | Set to `yes` to enable and to `no`to disable active mode support                      |
+| PUBLIC_HOST          | 127.0.0.1 | Public host used for passive mode server address                                      |
+| UMASK                | 022       | customize the ftp umask                                                               |
+| USER_FTP_POSTFIX     | *None*    | Override the path exposed over ftp, defaults to /data                                 |
+| NO_USER_FTP_POSTFIX  | *None*    | Disable `USER_FTP_POSTFIX` by setting to any value, ftp access to user home directory |
 
 #### SFTP
 
 > For SFTP there is currently no further configuration possible and necessary.
 
 #### General settings
 
-| Variable           | Usage                                                                                                      |
-|:-------------------|:-----------------------------------------------------------------------------------------------------------|
-| BANNER             | Banner displayed at connect using SFTP or FTP                                                              |
-| ACCOUNT_<username> | Set the value to the password to set for <username>, this will create a user to be used with SFTP and FTP. |
+| Variable             | Usage                                                                                                        |
+|:---------------------|:-------------------------------------------------------------------------------------------------------------|
+| BANNER               | Banner displayed at connect using SFTP or FTP                                                                |
+| ACCOUNT_`{username}` | Set the value to the password to set for `{username}`, this will create a user to be used with SFTP and FTP. |
 
 #### Ports
 
@@ -115,7 +119,8 @@ Default ports are:
 
 | Port        | Protocol    |
 |:------------|:------------|
-| 21          | Active FTP  |
+| 20          | Active FTP  |
+| 21          | FTP control |
 | 10090-10100 | Passive FTP |
 | 2022        | SFTP        |
 
diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh
@@ -80,24 +80,32 @@ configure_vsftpd() {
 
     log "FTP" "Append custom config to vsftpd config"
     cat <<EOF >> $VSFTPD_CONFIG_FILE
+# chroot
 allow_writeable_chroot=YES
 chroot_local_user=YES
-ftpd_banner=${BANNER}
-listen_ipv6=NO
+passwd_chroot_enable=YES
 local_enable=YES
 local_root=${DATA_FOLDER}/\$USER${USER_FTP_POSTFIX}
 local_umask=${UMASK}
-passwd_chroot_enable=YES
-pasv_enable=YES
+user_sub_token=\$USER
+
+# general
+ftpd_banner=${BANNER}
+listen_ipv6=NO
+write_enable=YES
+seccomp_sandbox=NO
+vsftpd_log_file=$(tty)
+
+# passive mode
+pasv_enable=${PASSIVE_MODE_ENABLED:-'yes'}
 pasv_max_port=${PASSIVE_MAX_PORT}
 pasv_min_port=${PASSIVE_MIN_PORT}
 pasv_addr_resolve=NO
 pasv_promiscuous=${PASSIVE_PROMISCUOUS}
 pasv_address=${PUBLIC_HOST}
-seccomp_sandbox=NO
-user_sub_token=\$USER
-vsftpd_log_file=$(tty)
-write_enable=YES
+
+# active mode
+connect_from_port_20=${ACTIVE_MODE_ENABLED:-'yes'}
 EOF
 
     log "FTP" "Disable anonymous login"
diff --git a/tests/test_usage.py b/tests/test_usage.py
@@ -1,6 +1,8 @@
 from io import BytesIO
 from tempfile import NamedTemporaryFile
 
+import pytest
+
 
 def test_crud_sftp(
         chrooted_ftp_test_container,
@@ -38,7 +40,8 @@ def test_crud_sftp(
         assert [] == connection.listdir("/data")
 
 
-def test_crud_ftp(chrooted_ftp_test_container, create_ftp_connection, wait_for_container_to_be_started):
+@pytest.mark.parametrize("is_active", [True, False])
+def test_crud_ftp(chrooted_ftp_test_container, create_ftp_connection, wait_for_container_to_be_started, is_active):
     # Create account to use in test
     chrooted_ftp_test_container.with_env("ACCOUNT_pytest", "test")
 
@@ -51,6 +54,8 @@ def test_crud_ftp(chrooted_ftp_test_container, create_ftp_connection, wait_for_c
     with chrooted_ftp_test_container:
         wait_for_container_to_be_started(chrooted_ftp_test_container)
         connection = create_ftp_connection(chrooted_ftp_test_container.get_exposed_port(21), "pytest", "test")
+        if not is_active:
+            connection.makepasv()
 
         # Create file
         connection.storlines("STOR test.txt", BytesIO(b'test'))
