Struct libunftp::Server

pub struct Server<Storage, User>
where Storage: StorageBackend<User>, User: UserDetail,
{ /* private fields */ }

An instance of an FTP(S) server. It aggregates an Authenticator implementation that will be used for authentication, and a StorageBackend implementation that will be used as the virtual file system.

The server can be started with the listen method.

Example

use libunftp::Server;
use unftp_sbe_fs::ServerExt;
use tokio::runtime::Runtime;

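// `spawn` borrows the runtime immutably, so the binding does not need `mut`.
let rt = Runtime::new().unwrap();
// No authenticator is configured here.
// NOTE(review): with_fs() presumably keeps the default AnonymousAuthenticator
// that `Server::new` installs — confirm before exposing this beyond loopback.
let server = Server::with_fs("/srv/ftp");
// Keep the JoinHandle: `listen` resolves to Result<(), ServerError>, and with a
// discarded handle any error it returns is never observed.
let _listener = rt.spawn(server.listen("127.0.0.1:2121"));
// ...
drop(rt);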

Implementations§


impl<Storage, User> Server<Storage, User>
where Storage: StorageBackend<User> + 'static, Storage::Metadata: Metadata, User: UserDetail + 'static,


pub fn new(sbe_generator: Box<dyn Fn() -> Storage + Send + Sync>) -> Self

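Construct a new Server with the given StorageBackend generator and an AnonymousAuthenticator. Because that authenticator does not check credentials, set a different one with with_authenticator or the authenticator method when logins must be verified.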


pub fn with_authenticator( sbe_generator: Box<dyn Fn() -> Storage + Send + Sync>, authenticator: Arc<dyn Authenticator<User> + Send + Sync> ) -> Self

Construct a new Server with the given StorageBackend generator and Authenticator. The other parameters will be set to defaults.


pub fn authenticator( self, authenticator: Arc<dyn Authenticator<User> + Send + Sync> ) -> Self

Set the Authenticator that will be used for authentication.

Example
use libunftp::{auth, auth::AnonymousAuthenticator, Server};
use unftp_sbe_fs::ServerExt;
use std::sync::Arc;

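// Use it in a builder-like pattern. AnonymousAuthenticator is also what
// `Server::new` installs, so this only shows the call shape; pass your own
// `Authenticator` implementation here when credentials must be checked.
// The binding is never mutated, so it is not declared `mut`.
let server = Server::with_fs("/tmp")
    .authenticator(Arc::new(auth::AnonymousAuthenticator {}));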

pub fn active_passive_mode<M: Into<ActivePassiveMode>>(self, mode: M) -> Self

Enables one or both of Active/Passive mode. In active mode the server connects to the client’s data port, and in passive mode the client connects to the server’s data port.

Active mode is an older mode that is considered less secure; it is therefore disabled by default.

Example
use libunftp::options::ActivePassiveMode;
use libunftp::Server;
use unftp_sbe_fs::ServerExt;

// Opt in to active mode in addition to passive mode. Active mode is off by
// default because it is considered less secure.
let mode = ActivePassiveMode::ActiveAndPassive;
let server = Server::with_fs("/tmp").active_passive_mode(mode);

pub fn ftps<P: Into<PathBuf>>(self, certs_file: P, key_file: P) -> Self

Enables FTPS by configuring the path to the certificates file and the private key file. Both should be in PEM format.

Example
use libunftp::Server;
use unftp_sbe_fs::ServerExt;

// Both files are PEM: the certificates file first, the private key second.
// Whether plaintext connections are still accepted is configured separately
// with `ftps_required`.
let certs_file = "/srv/unftp/server.certs";
let key_file = "/srv/unftp/server.key";
let server = Server::with_fs("/tmp").ftps(certs_file, key_file);

pub fn ftps_client_auth<C>(self, auth: C) -> Self
where C: Into<FtpsClientAuth>,

Allows switching on Mutual TLS. For this to work, the trust anchors also need to be set using the ftps_trust_store method.

Example
use libunftp::Server;
use unftp_sbe_fs::ServerExt;
use libunftp::options::FtpsClientAuth;

// Mutual TLS uses all three settings: the server certificate and key, client
// authentication set to Require, and the trust anchors that client
// certificates are verified against.
let tls_server = Server::with_fs("/tmp").ftps("/srv/unftp/server.certs", "/srv/unftp/server.key");
let server = tls_server
    .ftps_client_auth(FtpsClientAuth::Require)
    .ftps_trust_store("/srv/unftp/trusted.pem");

pub fn ftps_required<R>(self, for_control_chan: R, for_data_chan: R) -> Self
where R: Into<FtpsRequired>,

Configures whether client connections may use plaintext mode or not, separately for the control channel and the data channel.


pub fn ftps_trust_store<P>(self, trust: P) -> Self
where P: Into<PathBuf>,

Sets the certificates to use when verifying client certificates in Mutual TLS mode. This should point to certificates in a PEM-formatted file. For this to have any effect, Mutual TLS needs to be switched on via the ftps_client_auth method.

Example
use libunftp::Server;
use unftp_sbe_fs::ServerExt;

// The trust store only has an effect once client authentication is on.
// NOTE(review): `true` is converted through `Into<FtpsClientAuth>`; presumably
// it maps to `FtpsClientAuth::Require` — confirm, or spell the variant out.
let with_client_auth = Server::with_fs("/tmp")
    .ftps("/srv/unftp/server.certs", "/srv/unftp/server.key")
    .ftps_client_auth(true);
let server = with_client_auth.ftps_trust_store("/srv/unftp/trusted.pem");

pub fn ftps_tls_flags(self, flags: TlsFlags) -> Self

Switches TLS features on or off.

Example

This example enables only TLS v1.3 and allows TLS session resumption with tickets.

use libunftp::Server;
use unftp_sbe_fs::ServerExt;
use libunftp::options::TlsFlags;

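// Only the listed flags are passed: TLS v1.3 plus session resumption with
// tickets. The binding is never mutated, so it is not declared `mut`.
let server = Server::with_fs("/tmp")
    .greeting("Welcome to my FTP Server")
    .ftps("/srv/unftp/server.certs", "/srv/unftp/server.key")
    .ftps_tls_flags(TlsFlags::V1_3 | TlsFlags::RESUMPTION_TICKETS);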

pub fn greeting(self, greeting: &'static str) -> Self

Set the greeting that will be sent to the client after connecting.

Example
use libunftp::Server;
use unftp_sbe_fs::ServerExt;

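// Use it in a builder-like pattern:
let server = Server::with_fs("/tmp").greeting("Welcome to my FTP Server");

// Or step by step. `greeting` takes `self` by value and returns the configured
// server, so the result has to be bound again; called as a bare statement it
// would consume `server` and drop the configured value.
let server = Server::with_fs("/tmp");
let server = server.greeting("Welcome to my FTP Server");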

pub fn idle_session_timeout(self, secs: u64) -> Self

Set the idle session timeout in seconds. The default is 600 seconds.

Example
use libunftp::Server;
use unftp_sbe_fs::ServerExt;

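// Use it in a builder-like pattern:
let server = Server::with_fs("/tmp").idle_session_timeout(600);

// Or step by step. `idle_session_timeout` takes `self` by value and returns the
// configured server, so the result has to be bound again; called as a bare
// statement it would consume `server` and drop the configured value.
let server = Server::with_fs("/tmp");
let server = server.idle_session_timeout(600);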

pub fn logger<L: Into<Option<Logger>>>(self, logger: L) -> Self

Sets the structured logger (slog::Logger) to use.


pub fn metrics(self) -> Self

Enables the collection of prometheus metrics.

Example
use libunftp::Server;
use unftp_sbe_fs::ServerExt;

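// Use it in a builder-like pattern:
let server = Server::with_fs("/tmp").metrics();

// Or step by step. `metrics` takes `self` by value and returns the configured
// server, so the result has to be bound again; called as a bare statement it
// would consume `server` and drop the configured value.
let server = Server::with_fs("/tmp");
let server = server.metrics();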

pub fn notify_data(self, listener: impl DataListener + 'static) -> Self

Sets a DataListener that will be notified of data changes that happen in a user’s session.


pub fn notify_presence(self, listener: impl PresenceListener + 'static) -> Self

Sets a PresenceListener that will be notified of user logins and logouts.


pub fn passive_host<H: Into<PassiveHost>>(self, host_option: H) -> Self

Specifies how the IP address that libunftp will advertise in response to the PASV command is determined.

Examples

Using a fixed IP specified as a numeric array:

use libunftp::Server;
use unftp_sbe_fs::ServerExt;

// Advertise a fixed IPv4 address in PASV replies, given as its four octets.
let server = Server::with_fs("/tmp").passive_host([127, 0, 0, 1]);

Or the same but more explicitly:

use libunftp::{Server,options};
use unftp_sbe_fs::ServerExt;
use std::net::Ipv4Addr;

// Same fixed address, with the PassiveHost variant named explicitly.
let fixed_ip = Ipv4Addr::new(127, 0, 0, 1);
let server = Server::with_fs("/tmp").passive_host(options::PassiveHost::Ip(fixed_ip));

To determine the passive IP from the incoming control connection:

use libunftp::{Server,options};
use unftp_sbe_fs::ServerExt;

// Take the advertised passive IP from the incoming control connection
// instead of configuring one.
let host_option = options::PassiveHost::FromConnection;
let server = Server::with_fs("/tmp").passive_host(host_option);

Get the IP by resolving a DNS name:

use libunftp::{Server,options};
use unftp_sbe_fs::ServerExt;

// Advertise whatever address this DNS name resolves to; the address clients
// are sent to for data connections then depends on that name's resolution.
let dns_name = "ftp.myserver.org";
let server = Server::with_fs("/tmp").passive_host(dns_name);

pub fn passive_ports(self, range: Range<u16>) -> Self

Sets the range of passive ports that we’ll use for passive connections.

Example
use libunftp::Server;
use unftp_sbe_fs::ServerExt;

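// Use it in a builder-like pattern. These are the ports used for passive data
// connections, so they are the ones a firewall in front of the server has to
// admit. `49152..65535` is a half-open `Range<u16>`: 65535 itself is not part
// of the range as written.
let server = Server::with_fs("/tmp")
    .passive_ports(49152..65535);

// Or step by step. `passive_ports` takes `self` by value and returns the
// configured server, so the result has to be bound again; called as a bare
// statement it would consume `server` and drop the configured value.
let server = Server::with_fs("/tmp");
let server = server.passive_ports(49152..65535);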

pub fn proxy_protocol_mode(self, external_control_port: u16) -> Self

Enables PROXY protocol mode.

If you use a proxy such as haproxy or nginx, you can enable the PROXY protocol (https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt).

Configure your proxy to enable PROXY protocol encoding for the external control and data listening ports, forwarding these connections to the libunftp listening port in proxy protocol mode.

In PROXY protocol mode, libunftp receives both control and data connections on the listening port. It then distinguishes control and data connections by comparing the original destination port (extracted from the PROXY header) with the port specified as the external_control_port parameter.

Example
use libunftp::Server;
use unftp_sbe_fs::ServerExt;

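// Use it in a builder-like pattern. 2121 is the external control port: a
// connection whose original destination port (read from the PROXY header)
// equals it is handled as a control connection, any other as a data connection.
// NOTE(review): that decision relies on the PROXY header, so the listening
// port should presumably be reachable only from the proxy — confirm for your
// deployment.
// The binding is never mutated, so it is not declared `mut`.
let server = Server::with_fs("/tmp").proxy_protocol_mode(2121);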

pub fn shutdown_indicator<I>(self, indicator: I) -> Self
where I: Future<Output = Shutdown> + Send + Sync + 'static,

Allows telling libunftp when and how to shut down gracefully.

The passed argument is a future that resolves when libunftp should shut down. The future should return a options::Shutdown instance.

Example
use std::time::Duration;
use libunftp::Server;
use unftp_sbe_fs::ServerExt;

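// The future passed in resolves when the server should shut down and yields
// the `Shutdown` options to apply. The binding is never mutated, so it is not
// declared `mut`.
let server = Server::with_fs("/tmp").shutdown_indicator(async {
    tokio::time::sleep(Duration::from_secs(10)).await; // Shut the server down after 10 seconds.
    libunftp::options::Shutdown::new()
        .grace_period(Duration::from_secs(5)) // Allow a 5 second grace period for shutting down
});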

pub fn sitemd5<M: Into<SiteMd5>>(self, sitemd5_option: M) -> Self

Enables the FTP command ‘SITE MD5’.

Warning: Depending on the storage backend, SITE MD5 may use a relatively large amount of memory and generate high CPU usage. This opens a Denial of Service vulnerability that malicious users could exploit by flooding the server with SITE MD5 commands. As such, this feature is probably best configured per user and at least disabled for anonymous users by default.

Example
use libunftp::Server;
use libunftp::options::SiteMd5;
use unftp_sbe_fs::ServerExt;

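// Use it in a builder-like pattern.
// NOTE(review): `SiteMd5::None` presumably leaves SITE MD5 switched off for
// every user — confirm against the `SiteMd5` variants before relying on it.
// The binding is never mutated, so it is not declared `mut`.
let server = Server::with_fs("/tmp").sitemd5(SiteMd5::None);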

pub fn failed_logins_policy(self, policy: FailedLoginsPolicy) -> Self

Enables a password guessing protection policy.

Policy used to temporarily block an account, source IP or the combination of both, after a certain number of failed login attempts for a certain time.

There are different policies to choose from, such as locking based on the combination of source IP + username, or on only the username or only the IP. For example, if you choose IP based blocking, multiple successive failed login attempts will block any login attempt from that IP for a defined period, including login attempts for other users.

The default policy is to block on the combination of source IP and username. This policy affects only this specific IP+username combination, and does not block the user logging in from elsewhere.

It is also possible to override the default ‘Penalty’, which defines how many failed login attempts are allowed before the policy is applied, and after what time the block expires.

Examples
use libunftp::Server;
use libunftp::options::{FailedLoginsPolicy,FailedLoginsBlock};
use unftp_sbe_fs::ServerExt;

// Default policy: block on the combination of source IP and username.
let default_policy = FailedLoginsPolicy::default();
let server = Server::with_fs("/tmp").failed_logins_policy(default_policy);

// A stricter, IP based policy: at most 3 attempts, then a 5 minute block.
// IP based blocking also rejects logins for other users from the same
// address for the duration of the block.
use std::time::Duration;
let block_for = Duration::from_secs(300);
let ip_policy = FailedLoginsPolicy::new(3, block_for, FailedLoginsBlock::IP);
let server = Server::with_fs("/tmp").failed_logins_policy(ip_policy);

pub async fn listen<T: Into<String> + Debug>( self, bind_address: T ) -> Result<(), ServerError>

Runs the main FTP process asynchronously. Should be started in an async runtime context.

Example
use libunftp::Server;
use unftp_sbe_fs::ServerExt;
use tokio::runtime::Runtime;

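// `spawn` borrows the runtime immutably, so the binding does not need `mut`.
let rt = Runtime::new().unwrap();
let server = Server::with_fs("/srv/ftp");
// Keep the JoinHandle: `listen` resolves to Result<(), ServerError>, and with a
// discarded handle any error it returns is never observed.
let _listener = rt.spawn(server.listen("127.0.0.1:2121"));
// ...
drop(rt);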

Trait Implementations§


impl<Storage, User> Debug for Server<Storage, User>
where Storage: StorageBackend<User>, User: UserDetail,


fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

§

impl<Storage, User> !RefUnwindSafe for Server<Storage, User>

§

impl<Storage, User> Send for Server<Storage, User>

§

impl<Storage, User> Sync for Server<Storage, User>

§

impl<Storage, User> Unpin for Server<Storage, User>

§

impl<Storage, User> !UnwindSafe for Server<Storage, User>

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
§

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

§

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

§

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

§

fn implicit( self, class: Class, constructed: bool, tag: u32 ) -> TaggedParser<'a, Implicit, Self, E>

source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T> Instrument for T

source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T> Pointable for T

§

const ALIGN: usize = _

The alignment of pointer.
§

type Init = T

The type for initializers.
§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
source§

impl<T> Same for T

§

type Output = T

Should always be Self
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
source§

impl<T> WithSubscriber for T

source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more