ftpd: allow hostnames as passive IP

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-12-07 06:40:54 +03:00 · 2023-02-27 19:19:50 +01:00
parent 561976bcd0
commit a23fdea9e3
8 changed files with 95 additions and 41 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -75,6 +75,7 @@ var (
 		MinTLSVersion:              12,
 		ForcePassiveIP:             "",
 		PassiveIPOverrides:         nil,
+		PassiveHost:                "",
 		ClientAuthType:             0,
 		TLSCipherSuites:            nil,
 		PassiveConnectionsSecurity: 0,
@@ -1116,28 +1117,9 @@ func getDefaultFTPDBinding(idx int) ftpd.Binding {
 	return binding
 }

-func getFTPDBindingFromEnv(idx int) {
-	binding := getDefaultFTPDBinding(idx)
+func getFTPDBindingSecurityFromEnv(idx int, binding *ftpd.Binding) bool {
 	isSet := false

-	port, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__PORT", idx))
-	if ok {
-		binding.Port = int(port)
-		isSet = true
-	}
-
-	address, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__ADDRESS", idx))
-	if ok {
-		binding.Address = address
-		isSet = true
-	}
-
-	applyProxyConfig, ok := lookupBoolFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__APPLY_PROXY_CONFIG", idx))
-	if ok {
-		binding.ApplyProxyConfig = applyProxyConfig
-		isSet = true
-	}
-
 	certificateFile, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__CERTIFICATE_FILE", idx))
 	if ok {
 		binding.CertificateFile = certificateFile
@@ -1162,15 +1144,9 @@ func getFTPDBindingFromEnv(idx int) {
 		isSet = true
 	}

-	passiveIP, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__FORCE_PASSIVE_IP", idx))
+	tlsCiphers, ok := lookupStringListFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__TLS_CIPHER_SUITES", idx))
 	if ok {
-		binding.ForcePassiveIP = passiveIP
-		isSet = true
-	}
-
-	passiveIPOverrides := getFTPDPassiveIPOverridesFromEnv(idx)
-	if len(passiveIPOverrides) > 0 {
-		binding.PassiveIPOverrides = passiveIPOverrides
+		binding.TLSCipherSuites = tlsCiphers
 		isSet = true
 	}

@@ -1180,12 +1156,6 @@ func getFTPDBindingFromEnv(idx int) {
 		isSet = true
 	}

-	tlsCiphers, ok := lookupStringListFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__TLS_CIPHER_SUITES", idx))
-	if ok {
-		binding.TLSCipherSuites = tlsCiphers
-		isSet = true
-	}
-
 	pasvSecurity, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__PASSIVE_CONNECTIONS_SECURITY", idx))
 	if ok {
 		binding.PassiveConnectionsSecurity = int(pasvSecurity)
@@ -1198,12 +1168,59 @@ func getFTPDBindingFromEnv(idx int) {
 		isSet = true
 	}

+	return isSet
+}
+
+func getFTPDBindingFromEnv(idx int) {
+	binding := getDefaultFTPDBinding(idx)
+	isSet := false
+
+	port, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__PORT", idx))
+	if ok {
+		binding.Port = int(port)
+		isSet = true
+	}
+
+	address, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__ADDRESS", idx))
+	if ok {
+		binding.Address = address
+		isSet = true
+	}
+
+	applyProxyConfig, ok := lookupBoolFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__APPLY_PROXY_CONFIG", idx))
+	if ok {
+		binding.ApplyProxyConfig = applyProxyConfig
+		isSet = true
+	}
+
+	passiveIP, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__FORCE_PASSIVE_IP", idx))
+	if ok {
+		binding.ForcePassiveIP = passiveIP
+		isSet = true
+	}
+
+	passiveIPOverrides := getFTPDPassiveIPOverridesFromEnv(idx)
+	if len(passiveIPOverrides) > 0 {
+		binding.PassiveIPOverrides = passiveIPOverrides
+		isSet = true
+	}
+
+	passiveHost, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__PASSIVE_HOST", idx))
+	if ok {
+		binding.PassiveHost = passiveHost
+		isSet = true
+	}
+
 	debug, ok := lookupBoolFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__DEBUG", idx))
 	if ok {
 		binding.Debug = debug
 		isSet = true
 	}

+	if getFTPDBindingSecurityFromEnv(idx, &binding) {
+		isSet = true
+	}
+
 	applyFTPDBindingFromEnv(idx, isSet, binding)
 }