MOD_FTP STATUS:                                                 -*-text-*-
Last modified at [$Date$]

The current version of this file can be found at:

  *

Consult the following STATUS files for information on related projects:

  *
  *

Release history:
    [NOTE that x.{odd}.z versions are strictly Alpha/Beta releases,
          while x.{even}.z versions are Stable/GA releases.]

    0.9.2   : tagged June 17, 2008
    0.9.1   : tagged, not released
    0.9.0   : tagged, not released

Contributors looking for a mission:

  * Just do an egrep on "TODO" or "XXX" in the source.

  * Review the bug database at:

  * Review the "PatchAvailable" bugs in the bug database:
    After testing, you can append a comment saying "Reviewed and tested".

  * Open bugs in the bug database

RELEASE SHOWSTOPPERS:

  * Several clients either trap the 'A' of ABOR in the OOB chunk, or omit
    some bytes of the IAC IP IAC DM urgent byte sequence. Handle these
    exception cases properly in the OOB data channel read. Pity that the
    client developers never bothered to learn the telnet protocol.

  * FTPLimit* family of directives share an FTPLimitDBFile across hosts,
    yet fail to scope their tracking records to the corresponding host.
    Revert the notes in once corrected.

  * include/mod_ftp.h clearly needs refactoring of public and private
    interfaces to mod_ftp, and appropriate declarations for those that
    will remain public. Perhaps private declarations should be moved
    to modules/ftp/ftp_private.h and out of include/ altogether.

CURRENT RELEASE NOTES:

  * EPSV and EPRT need real world testing for different routing and DMZ
    cases and validating a range of IPv6-enabled clients' interop. Note
    many IPv4-only NAT routers appear to ignore EPRT commands, even as
    they would fix up NAT addresses from PORT commands.

CURRENT VOTES:

REALLY NICE TO WRAP THESE UP:

  * Implement AUTH GSSAPI/ADAT commands from RFC2228 Appendix I.

  * Create a parent worker, servicing root port configurations of
    active/passive sockets, as a unix domain socket-based allocator.
    It needs to be especially strict about comparing the requested
    allocation to the server configurations, which are shared from
    the parent to this worker, and with the children.

  * For in-tree builds, extending with our local [exp_]ftpdocsdir
    and installing that tree.

  * For in-tree builds, expanding @@FTPPort@@ / @exp_ftpdocsdir@ and
    installing conf/extra/ftpd.conf.

  * Review i18n and naming convention issues from
    "Internationalization of the File Transfer Protocol", Curtin
    and perhaps
    "UTF-8 Option for FTP", Lundberg

  * Review features from
    "Extensions to FTP", Hethmon

  * In httpd 2.3-dev and later, it's no longer possible to process
    Require dir-name
    which meant that mod_ftp auth required that the logged in user
    match the name of the directory in which the Require was placed.
    This should be added as a separate authz provider, or refactored
    to the new auth syntax (or simply dropped?)

REFERENCES:

  * "FILE TRANSFER PROTOCOL (FTP)", Postel, Reynolds

  * "FTP Security Extensions", Horowitz, Lunt

  * "FTP Extensions for IPv6 and NATs", Allman, Ostermann, Metz

  * "Securing FTP with TLS", Ford-Hutchinson