Struct libunftp::Server

pub struct Server<Storage, User> where
    Storage: StorageBackend<User>,
    User: UserDetail,  { /* fields omitted */ }

An instance of an FTP(S) server. It aggregates an Authenticator implementation that will be used for authentication, and a StorageBackend implementation that will be used as the virtual file system.

The server can be started with the listen method.

Example

use libunftp::Server;
use unftp_sbe_fs::ServerExt;
use tokio::runtime::Runtime;

let mut rt = Runtime::new().unwrap();
let server = Server::with_fs("/srv/ftp");
rt.spawn(server.listen("127.0.0.1:2121"));
// ...
drop(rt);

Implementations

impl<Storage, User> Server<Storage, User> where
    Storage: StorageBackend<User> + 'static,
    Storage::Metadata: Metadata,
    User: UserDetail + 'static, 

pub fn new(sbe_generator: Box<dyn Fn() -> Storage + Send + Sync>) -> Self where
    AnonymousAuthenticator: Authenticator<User>, 

Construct a new Server with the given StorageBackend generator and an AnonymousAuthenticator

pub fn with_authenticator(
    s: Box<dyn Fn() -> Storage + Send + Sync>,
    authenticator: Arc<dyn Authenticator<User> + Send + Sync>
) -> Self

Construct a new Server with the given StorageBackend and Authenticator. The other parameters will be set to defaults.

pub fn authenticator(
    self,
    authenticator: Arc<dyn Authenticator<User> + Send + Sync>
) -> Self

Set the Authenticator that will be used for authentication.

Example

use libunftp::{auth, auth::AnonymousAuthenticator, Server};
use unftp_sbe_fs::ServerExt;
use std::sync::Arc;

// Use it in a builder-like pattern:
let mut server = Server::with_fs("/tmp")
                 .authenticator(Arc::new(auth::AnonymousAuthenticator{}));

pub fn ftps<P: Into<PathBuf>>(self, certs_file: P, key_file: P) -> Self

Enables FTPS by configuring the path to the certificates file and the private key file. Both should be in PEM format.

Example

use libunftp::Server;
use unftp_sbe_fs::ServerExt;

let server = Server::with_fs("/tmp")
             .ftps("/srv/unftp/server.certs", "/srv/unftp/server.key");

pub fn ftps_client_auth<C>(self, auth: C) -> Self where
    C: Into<FtpsClientAuth>, 

Allows switching on Mutual TLS. For this to work the trust anchors also needs to be set using the ftps_trust_store method.

Example

use libunftp::Server;
use unftp_sbe_fs::ServerExt;
use libunftp::options::FtpsClientAuth;

let server = Server::with_fs("/tmp")
             .ftps("/srv/unftp/server.certs", "/srv/unftp/server.key")
             .ftps_client_auth(FtpsClientAuth::Require)
             .ftps_trust_store("/srv/unftp/trusted.pem");

pub fn ftps_required<R>(self, for_control_chan: R, for_data_chan: R) -> Self where
    R: Into<FtpsRequired>, 

Configures whether client connections may use plaintext mode or not.

pub fn ftps_trust_store<P>(self, trust: P) -> Self where
    P: Into<PathBuf>, 

Sets the certificates to use when verifying client certificates in Mutual TLS mode. This should point to certificates in a PEM formatted file. For this to have any effect MTLS needs to be switched on via the ftps_client_auth method.

Example

use libunftp::Server;
use unftp_sbe_fs::ServerExt;

let server = Server::with_fs("/tmp")
             .ftps("/srv/unftp/server.certs", "/srv/unftp/server.key")
             .ftps_client_auth(true)
             .ftps_trust_store("/srv/unftp/trusted.pem");

pub fn ftps_tls_flags(self, flags: TlsFlags) -> Self

Switches TLS features on or off.

Example

This example enables only TLS v1.3 and allows TLS session resumption with tickets.

use libunftp::Server;
use unftp_sbe_fs::ServerExt;
use libunftp::options::TlsFlags;

let mut server = Server::with_fs("/tmp")
                 .greeting("Welcome to my FTP Server")
                 .ftps("/srv/unftp/server.certs", "/srv/unftp/server.key")
                 .ftps_tls_flags(TlsFlags::V1_3 | TlsFlags::RESUMPTION_TICKETS);

pub fn greeting(self, greeting: &'static str) -> Self

Set the greeting that will be sent to the client after connecting.

Example

use libunftp::Server;
use unftp_sbe_fs::ServerExt;

// Use it in a builder-like pattern:
let mut server = Server::with_fs("/tmp").greeting("Welcome to my FTP Server");

// Or instead if you prefer:
let mut server = Server::with_fs("/tmp");
server.greeting("Welcome to my FTP Server");

pub fn idle_session_timeout(self, secs: u64) -> Self

Set the idle session timeout in seconds. The default is 600 seconds.

Example

use libunftp::Server;
use unftp_sbe_fs::ServerExt;

// Use it in a builder-like pattern:
let mut server = Server::with_fs("/tmp").idle_session_timeout(600);

// Or instead if you prefer:
let mut server = Server::with_fs("/tmp");
server.idle_session_timeout(600);

pub fn logger<L: Into<Option<Logger>>>(self, logger: L) -> Self

Sets the structured logger (slog::Logger) to use

pub fn metrics(self) -> Self

Enables the collection of prometheus metrics.

Example

use libunftp::Server;
use unftp_sbe_fs::ServerExt;

// Use it in a builder-like pattern:
let mut server = Server::with_fs("/tmp").metrics();

// Or instead if you prefer:
let mut server = Server::with_fs("/tmp");
server.metrics();

pub fn passive_host<H: Into<PassiveHost>>(self, host_option: H) -> Self

Specifies how the IP address that libunftp will advertise in response to the PASV command is determined.

Examples

Using a fixed IP specified as a numeric array:

use libunftp::Server;
use unftp_sbe_fs::ServerExt;

let server = Server::with_fs("/tmp")
             .passive_host([127,0,0,1]);

Or the same but more explicitly:

use libunftp::{Server,options};
use unftp_sbe_fs::ServerExt;
use std::net::Ipv4Addr;

let server = Server::with_fs("/tmp")
             .passive_host(options::PassiveHost::Ip(Ipv4Addr::new(127, 0, 0, 1)));

To determine the passive IP from the incoming control connection:

use libunftp::{Server,options};
use unftp_sbe_fs::ServerExt;

let server = Server::with_fs("/tmp")
             .passive_host(options::PassiveHost::FromConnection);

Get the IP by resolving a DNS name:

use libunftp::{Server,options};
use unftp_sbe_fs::ServerExt;

let server = Server::with_fs("/tmp")
             .passive_host("ftp.myserver.org");

pub fn passive_ports(self, range: Range<u16>) -> Self

Sets the range of passive ports that we’ll use for passive connections.

Example

use libunftp::Server;
use unftp_sbe_fs::ServerExt;

// Use it in a builder-like pattern:
let server = Server::with_fs("/tmp")
             .passive_ports(49152..65535);

// Or instead if you prefer:
let mut server = Server::with_fs("/tmp");
server.passive_ports(49152..65535);

pub fn proxy_protocol_mode(self, external_control_port: u16) -> Self

Enables PROXY protocol mode.

If you use a proxy such as haproxy or nginx, you can enable the PROXY protocol (https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt).

Configure your proxy to enable PROXY protocol encoding for control and data external listening ports, forwarding these connections to the libunFTP listening port in proxy protocol mode.

In PROXY protocol mode, libunftp receives both control and data connections on the listening port. It then distinguishes control and data connections by comparing the original destination port (extracted from the PROXY header) with the port specified as the external_control_port parameter.

Example

use libunftp::Server;
use unftp_sbe_fs::ServerExt;

// Use it in a builder-like pattern:
let mut server = Server::with_fs("/tmp").proxy_protocol_mode(2121);

pub async fn listen<T: Into<String> + Debug>(
    self,
    bind_address: T
) -> Result<(), ServerError>

Runs the main ftp process asynchronously. Should be started in a async runtime context.

Example

use libunftp::Server;
use unftp_sbe_fs::ServerExt;
use tokio::runtime::Runtime;

let mut rt = Runtime::new().unwrap();
let server = Server::with_fs("/srv/ftp");
rt.spawn(server.listen("127.0.0.1:2121"));
// ...
drop(rt);

Panics

This function panics when called with invalid addresses or when the process is unable to bind() to the address.

pub fn sitemd5<M: Into<SiteMd5>>(self, sitemd5_option: M) -> Self

Enables SITE MD5

Warning: Depending on the storage backend, SITE MD5 may use relatively much memory and generate high CPU usage. This opens a Denial of Service vulnerability that could be exploited by malicious users, by means of flooding the server with SITE MD5 commands. As such this feature is probably best user configured and at least disabled for anonymous users by default.

Example

use libunftp::Server;
use libunftp::options::SiteMd5;
use unftp_sbe_fs::ServerExt;

// Use it in a builder-like pattern:
let mut server = Server::with_fs("/tmp").sitemd5(SiteMd5::None);

Trait Implementations

impl<Storage, User> Debug for Server<Storage, User> where
    Storage: StorageBackend<User>,
    User: UserDetail, 

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.