FTPD: allow to set different passive IPs based on the client's IP address

2025-12-07 14:50:55 +03:00 · 2021-11-25 12:45:09 +01:00
parent 531cb5b5a1
commit 4652f9ede8
9 changed files with 214 additions and 23 deletions
--- a/config/config.go
+++ b/config/config.go
@@ -53,6 +53,7 @@ var (
 		ApplyProxyConfig:           true,
 		TLSMode:                    0,
 		ForcePassiveIP:             "",
+		PassiveIPOverrides:         nil,
 		ClientAuthType:             0,
 		TLSCipherSuites:            nil,
 		PassiveConnectionsSecurity: 0,
@@ -852,6 +853,31 @@ func getSFTPDBindindFromEnv(idx int) {
 	}
 }

+func getFTPDPassiveIPOverridesFromEnv(idx int) []ftpd.PassiveIPOverride {
+	var overrides []ftpd.PassiveIPOverride
+
+	for subIdx := 0; subIdx < 10; subIdx++ {
+		var override ftpd.PassiveIPOverride
+
+		ip, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__PASSIVE_IP_OVERRIDES__%v__IP", idx, subIdx))
+		if ok {
+			override.IP = ip
+		}
+
+		networks, ok := lookupStringListFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__PASSIVE_IP_OVERRIDES__%v__NETWORKS",
+			idx, subIdx))
+		if ok {
+			override.Networks = networks
+		}
+
+		if len(override.Networks) > 0 {
+			overrides = append(overrides, override)
+		}
+	}
+
+	return overrides
+}
+
 func getFTPDBindingFromEnv(idx int) {
 	binding := ftpd.Binding{
 		ApplyProxyConfig: true,
@@ -892,6 +918,12 @@ func getFTPDBindingFromEnv(idx int) {
 		isSet = true
 	}

+	passiveIPOverrides := getFTPDPassiveIPOverridesFromEnv(idx)
+	if len(passiveIPOverrides) > 0 {
+		binding.PassiveIPOverrides = passiveIPOverrides
+		isSet = true
+	}
+
 	clientAuthType, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__CLIENT_AUTH_TYPE", idx))
 	if ok {
 		binding.ClientAuthType = int(clientAuthType)