
Add FTP_PORT

pull/783/head
Tim Kimber 3 years ago
parent
commit
601401c98f
2 changed files with 186 additions and 10 deletions
  1. +19
    -10
      getssl
  2. +167
    -0
      test/34-ftp-ports.bats

+ 19
- 10
getssl

@ -319,6 +319,7 @@ DUAL_RSA_ECDSA="false"
FTP_OPTIONS=""
FTPS_OPTIONS=""
FTP_ARGS=""
FTP_PORT=""
FULL_CHAIN_INCLUDE_ROOT="false"
GETSSL_IGNORE_CP_PRESERVE="false"
HTTP_TOKEN_CHECK_WAIT=0
@ -1013,7 +1014,7 @@ copy_file_to_location() { # copies a file, using scp, sftp or ftp if required.
ftpfile=$(basename "$ftplocn")
fromdir=$(dirname "$from")
fromfile=$(basename "$from")
debug "ftp user=$ftpuser - pass=$ftppass - host=$ftphost dir=$ftpdirn file=$ftpfile"
debug "ftp user=$ftpuser - pass=$ftppass - host=$ftphost port=$FTP_PORT dir=$ftpdirn file=$ftpfile"
debug "from dir=$fromdir file=$fromfile"
if [ -n "$FTP_OPTIONS" ]; then
# Use eval to expand any variables in FTP_OPTIONS
@ -1021,7 +1022,7 @@ copy_file_to_location() { # copies a file, using scp, sftp or ftp if required.
debug "FTP_OPTIONS=$FTP_OPTIONS"
fi
$FTP_COMMAND <<- _EOF
open $ftphost
open $ftphost $FTP_PORT
user $ftpuser $ftppass
$FTP_OPTIONS
cd $ftpdirn
@ -1038,10 +1039,11 @@ copy_file_to_location() { # copies a file, using scp, sftp or ftp if required.
ftpfile=$(basename "$ftplocn")
fromdir=$(dirname "$from")
fromfile=$(basename "$from")
debug "sftp $SFTP_OPTS user=$ftpuser - pass=$ftppass - host=$ftphost dir=$ftpdirn file=$ftpfile"
if [ -n "$FTP_PORT" ]; then SFTP_PORT="-P $FTP_PORT"; else SFTP_PORT=""; fi
debug "sftp $SFTP_OPTS user=$ftpuser - pass=$ftppass - host=$ftphost port=$FTP_PORT dir=$ftpdirn file=$ftpfile"
debug "from dir=$fromdir file=$fromfile"
# shellcheck disable=SC2086
sshpass -p "$ftppass" sftp $SFTP_OPTS "$ftpuser@$ftphost" <<- _EOF
sshpass -p "$ftppass" sftp $SFTP_OPTS $SFTP_PORT "$ftpuser@$ftphost" <<- _EOF
cd $ftpdirn
lcd $fromdir
put ./$fromfile
@ -1064,7 +1066,7 @@ copy_file_to_location() { # copies a file, using scp, sftp or ftp if required.
curl ${_NOMETER} -u "${davsuser}:${davspass}" -T "${fromdir}/${fromfile}" "https://${davshost}:${davsport}${davsdirn}${davsfile}"
elif [[ "${to:0:6}" == "ftpes:" ]] || [[ "${to:0:5}" == "ftps:" ]] ; then
# FTPES (FTP over explicit TLS/SSL, port 21) and FTPS (FTP over implicit TLS/SSL, port 990).
debug "using ftp to copy the file from $from"
debug "using ${to:0:5} to copy the file from $from"
ftpuser=$(echo "$to"| awk -F: '{print $2}')
ftppass=$(echo "$to"| awk -F: '{print $3}')
ftphost=$(echo "$to"| awk -F: '{print $4}')
@ -1073,18 +1075,25 @@ copy_file_to_location() { # copies a file, using scp, sftp or ftp if required.
ftpfile=$(basename "$ftplocn")
fromdir=$(dirname "$from")
fromfile=$(basename "$from")
debug "ftp user=$ftpuser - pass=$ftppass - host=$ftphost dir=$ftpdirn file=$ftpfile"
SFTP_PORT="";
if [ -n "$FTP_PORT" ]; then SFTP_PORT=":${FTP_PORT}"; fi
debug "${to:0:5} user=$ftpuser - pass=$ftppass - host=$ftphost port=$FTP_PORT dir=$ftpdirn file=$ftpfile"
debug "from dir=$fromdir file=$fromfile"
if [[ "${to:0:5}" == "ftps:" ]] ; then
# if no FTP_PORT is specified, then use default
if [ -z "$FTP_PORT" ]; then
SFTP_PORT=":990"
fi
# shellcheck disable=SC2086
debug curl ${_NOMETER} $FTPS_OPTIONS --ftp-ssl --ftp-ssl-reqd -u "${ftpuser}:${ftppass}" -T "${fromdir}/${fromfile}" "ftps://${ftphost}:990/${ftpdirn}/"
debug curl ${_NOMETER} $FTPS_OPTIONS --ftp-ssl --ftp-ssl-reqd -u "${ftpuser}:${ftppass}" -T "${fromdir}/${fromfile}" "ftps://${ftphost}${SFTP_PORT}/${ftpdirn}/"
# shellcheck disable=SC2086
curl ${_NOMETER} $FTPS_OPTIONS --ftp-ssl --ftp-ssl-reqd -u "${ftpuser}:${ftppass}" -T "${fromdir}/${fromfile}" "ftps://${ftphost}:990/${ftpdirn}/"
curl ${_NOMETER} $FTPS_OPTIONS --ftp-ssl --ftp-ssl-reqd -u "${ftpuser}:${ftppass}" -T "${fromdir}/${fromfile}" "ftps://${ftphost}${SFTP_PORT}/${ftpdirn}/"
else
# shellcheck disable=SC2086
debug curl ${_NOMETER} $FTPS_OPTIONS --ftp-ssl --ftp-ssl-reqd -u "${ftpuser}:${ftppass}" -T "${fromdir}/${fromfile}" "ftp://${ftphost}/${ftpdirn}/"
debug curl ${_NOMETER} $FTPS_OPTIONS --ftp-ssl --ftp-ssl-reqd -u "${ftpuser}:${ftppass}" -T "${fromdir}/${fromfile}" "ftp://${ftphost}${SFTP_PORT}/${ftpdirn}/"
# shellcheck disable=SC2086
curl ${_NOMETER} $FTPS_OPTIONS --ftp-ssl --ftp-ssl-reqd -u "${ftpuser}:${ftppass}" -T "${fromdir}/${fromfile}" "ftp://${ftphost}/${ftpdirn}/"
curl ${_NOMETER} $FTPS_OPTIONS --ftp-ssl --ftp-ssl-reqd -u "${ftpuser}:${ftppass}" -T "${fromdir}/${fromfile}" "ftp://${ftphost}${SFTP_PORT}/${ftpdirn}/"
fi
else
if ! mkdir -p "$(dirname "$to")" ; then
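Review bot: `FTP_PORT` is taken from the configuration and used unchecked in three command contexts: the `open $ftphost $FTP_PORT` line of the ftp here-document, the unquoted `$SFTP_PORT` argument to `sftp` (under the SC2086 suppression, so a value containing spaces is split into extra arguments), and the curl URL as `${ftphost}${SFTP_PORT}`. A guard before first use, for example `if [[ -n "$FTP_PORT" && ! "$FTP_PORT" =~ ^[0-9]+$ ]]; then` followed by the script's usual error exit, would restrict it to a port number. The rewritten `debug` lines also still print `pass=$ftppass` and `-u "${ftpuser}:${ftppass}"`, so debug output that gets shared carries the upload credential; masking it while these lines are being edited would be cheap. `SFTP_PORT` is used with two meanings (`-P N` for sftp, `:N` as a URL suffix for curl) and is not declared local, so a separate name for the URL suffix would read more clearly. `copy_file_to_location` starts and ends outside these hunks.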


+ 167
- 0
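--- a/test/34-ftp-ports.bats
+++ b/test/34-ftp-ports.bats
@@ -0,0 +1,167 @@
+#! /usr/bin/env bats
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+# This is run for every test
+setup() {
+[ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure"
+export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+if [ -n "${VSFTPD_CONF}" ]; then
+if [ ! -f "${VSFTPD_CONF}.getssl" ]; then
+cp $VSFTPD_CONF ${VSFTPD_CONF}.getssl
+else
+cp ${VSFTPD_CONF}.getssl $VSFTPD_CONF
+fi
+# enable passive and disable active mode
+# https://www.pixelstech.net/article/1364817664-FTP-active-mode-and-passive-mode
+cat <<- _FTP >> $VSFTPD_CONF
+pasv_enable=YES
+pasv_max_port=10100
+pasv_min_port=10090
+_FTP
+fi
+}
+teardown() {
+[ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip
+if [ -n "${VSFTPD_CONF}" ]; then
+cp ${VSFTPD_CONF}.getssl $VSFTPD_CONF
+${CODE_DIR}/test/restart-ftpd stop
+fi
+}
+@test "Use ftpes, FTP_PORT=1001 (explicit ssl, port 1001) to create challenge file" {
+if [[ ! -f /etc/vsftpd.pem ]]; then
+echo "FAILED: This test requires the previous test to succeed"
+exit 1
+fi
+if [ -n "$STAGING" ]; then
+skip "Using staging server, skipping internal test"
+fi
+if [[ ! -d /var/www/html/.well-known/acme-challenge ]]; then
+mkdir -p /var/www/html/.well-known/acme-challenge
+fi
+# Restart vsftpd with ssl enabled
+cat <<- _FTP >> $VSFTPD_CONF
+connect_from_port_20=NO
+listen_port=1001
+ssl_enable=YES
+allow_anon_ssl=NO
+force_local_data_ssl=NO
+force_local_logins_ssl=NO
+ssl_tlsv1=YES
+ssl_sslv2=NO
+ssl_sslv3=NO
+require_ssl_reuse=NO
+ssl_ciphers=HIGH
+rsa_cert_file=/etc/vsftpd.pem
+rsa_private_key_file=/etc/vsftpd.pem
+_FTP
+${CODE_DIR}/test/restart-ftpd start
+# Always change ownership and permissions in case previous tests created the directories as root
+chgrp -R www-data /var/www/html/.well-known
+chmod -R g+w /var/www/html/.well-known
+CONFIG_FILE="getssl-http01.cfg"
+setup_environment
+init_getssl
+# Verbose output is needed so the test assertion passes
+# On Ubuntu 14 and 18 curl errors with "unable to get issuer certificate" so disable cert check using "-k"
+if [[ "$GETSSL_OS" == "ubuntu14" || "$GETSSL_OS" == "ubuntu18" ]]; then
+cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
+ACL="ftpes:ftpuser:ftpuser:${GETSSL_CMD_HOST}:/var/www/html/.well-known/acme-challenge"
+FTPS_OPTIONS="--cacert /etc/cacert.pem -v -k"
+FTP_PORT=1001
+EOF
+else
+cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
+ACL="ftpes:ftpuser:ftpuser:${GETSSL_CMD_HOST}:/var/www/html/.well-known/acme-challenge"
+FTPS_OPTIONS="--cacert /etc/cacert.pem -v"
+FTP_PORT=1001
+EOF
+fi
+create_certificate
+assert_success
+# assert_line --partial "SSL connection using TLSv1.3"
+assert_line --partial "200 PROT now Private"
+check_output_for_errors
+}
+@test "Use ftps, FTP_PORT=2002 (implicit ssl, port 2002) to create challenge file" {
+if [[ ! -f /etc/vsftpd.pem ]]; then
+echo "FAILED: This test requires the previous test to succeed"
+exit 1
+fi
+if [ -n "$STAGING" ]; then
+skip "Using staging server, skipping internal test"
+fi
+# Restart vsftpd listening on port 990
+cat <<- _FTP >> $VSFTPD_CONF
+implicit_ssl=YES
+listen_port=2002
+connect_from_port_20=NO
+ssl_enable=YES
+allow_anon_ssl=NO
+force_local_data_ssl=NO
+force_local_logins_ssl=NO
+ssl_tlsv1=YES
+ssl_sslv2=NO
+ssl_sslv3=NO
+require_ssl_reuse=NO
+ssl_ciphers=HIGH
+rsa_cert_file=/etc/vsftpd.pem
+rsa_private_key_file=/etc/vsftpd.pem
+_FTP
+${CODE_DIR}/test/restart-ftpd start
+if [[ ! -d /var/www/html/.well-known/acme-challenge ]]; then
+mkdir -p /var/www/html/.well-known/acme-challenge
+fi
+# Always change ownership and permissions in case previous tests created the directories as root
+chgrp -R www-data /var/www/html/.well-known
+chmod -R g+w /var/www/html/.well-known
+CONFIG_FILE="getssl-http01.cfg"
+setup_environment
+init_getssl
+# Verbose output is needed so the test assertion passes
+# On Ubuntu 14 and 18 curl errors with "unable to get issuer certificate" so disable cert check using "-k"
+# as I don't have time to fix
+if [[ "$GETSSL_OS" == "ubuntu14" || "$GETSSL_OS" == "ubuntu18" ]]; then
+cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
+ACL="ftps:ftpuser:ftpuser:${GETSSL_CMD_HOST}:/var/www/html/.well-known/acme-challenge"
+FTPS_OPTIONS="--cacert /etc/cacert.pem -v -k"
+FTP_PORT=2002
+EOF
+else
+cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
+ACL="ftps:ftpuser:ftpuser:${GETSSL_CMD_HOST}:/var/www/html/.well-known/acme-challenge"
+FTPS_OPTIONS="--cacert /etc/cacert.pem -v"
+FTP_PORT=2002
+EOF
+fi
+create_certificate
+assert_success
+assert_line --partial "200 PROT now Private"
+check_output_for_errors
+}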
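Review bot: The comment `# Restart vsftpd listening on port 990` in the ftps test no longer matches the configuration written right below it, which sets `listen_port=2002`; it should read `# Restart vsftpd with implicit ssl, listening on port 2002`. On ubuntu14 and ubuntu18 both tests append `-k` to `FTPS_OPTIONS`, so on those platforms the upload succeeds without the server certificate being verified and `--cacert /etc/cacert.pem` is not enforced; a `# TODO` naming the trust-store problem next to that branch would keep the workaround from becoming permanent. The unquoted `$VSFTPD_CONF` and `$BATS_RUN_TMPDIR` expansions in `setup` and `teardown` would also break on a path containing spaces and are worth quoting.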
