Shulou(Shulou.com)06/01 Report--

In this issue, the editor will bring you about how to use the source code to analyze FileZilla. The article is rich in content and analyzes and narrates it from a professional point of view. I hope you can get something after reading this article.

FileZilla is a fast and reliable FTP client and server-side open source program with a variety of features and intuitive interfaces. This article will give you an analysis of the FileZilla source code.

After the FTP customer establishes a socket connection with the FileZilla server through the ftp localhost command, FileZilla Server displays the welcome message, which is similar to that on the screen (we use the ftp command under windows as the sample):

Connected to dell.

220-FileZilla Server version 0.9.18 beta

220-written by Tim Kosse (Tim.Kosse@gmx.de)

220 Please visit http://sourceforge.net/projects/filezilla/

User (dell: (none)):

Prompt for a user name, assuming that the user enters whg and enter, and the ftp client will translate the characters entered by the user into the standard FTP command "USER whg" and send them to the server, because it is CControlSocket that listens on the socket, and recv-related events are finally distributed to the OnReceive method of CControlSocket through the previously mentioned distribution mechanism. Let me take a look at this method:

M_antiHammeringWaitTime doesn't know what it does yet, but when tracking the source code, its initial value is 0, so skip this first.

The next segment is to get the transmission speed limit SpeedLimit, or-1 if there is no limit.

Further down:

Int numread = Receive (buffer, len); / / call recv to get socket data, and take the len length data and put it in buffer

After reading successfully, put the received data in buffer into m_RecvBuffer byte by byte:

M _ RecvBuffer [m _ nRecvBufferPos++] = buffer [I]

Then put the m_RecvBuffer you just received into m_RecvLineBuffer:

M_RecvLineBuffer.push_back (m_RecvBuffer)

M_RecvLineBuffer is the equivalent of a command pool in which commands sent by users but not yet processed are stored.

When the recv is finished, call ParseCommand () to interpret the command.

First of all, the first command in m_RecvLineBuffer is extracted through GetCommand () and interpreted as the command command and the parameter args. For example, the command USER whg is interpreted as command=USER, args=whg.

The following loop:

For (int I = 0; I

< (sizeof(commands)/sizeof(t_command)); i++) 通过在预先定义的FTP Server所有命令commands中，查找是否包含command，从而校验刚才收到的命令的合法性，如果command不在commands中，显示command是非法命令，这时发送客户端 Send(_T("500 Syntax error, command unrecognized.")); 即使命令是合法的，但如果参数不对(bHasargs指定这个命令是否需要参数)，即有些命令必须带参数，而args没有，这时会发送： Send(_T("501 Syntax error")); 下面： if (!m_RecvLineBuffer.empty()) m_pOwner->

PostThreadMessage (WM_FILEZILLA_THREADMSG, FTM_COMMAND, m_userid)

Indicates that if there are still outstanding commands in the command buffer, a message is sent to CServerThread,CServerThread to process the message in the method OnThreadMessage:

Else if (wParam==FTM_COMMAND)

{/ / Process a command sent from a client

CControlSocket * socket=GetControlSocket (lParam)

If (socket)

Socket- > ParseCommand ()

}

In the GetControlSocket () method:

CControlSocket * CServerThread::GetControlSocket (int userid)

{

CControlSocket * ret=0

EnterCritSection (m_threadsync)

/ / the following map is user-> CControlSocket, that is, the CControlSocket that serves the userid is found through userid

Std::map::iterator iter=m_LocalUserIDs.find (userid)

If (iterators responsible LocalUserIDs. End ())

Ret=iter- > second

LeaveCritSection (m_threadsync)

Return ret

}

As you can see, the purpose of sending this message is to let CControlSocket continue to call ParseCommand () to process the next command.

Back to the original ParseCommand (), if there is no problem with the command parameters, check whether the command must be logged in before it is used (specified by bValidBeforeLogon). For example, the get command must be logged in first, while the USER command is not. If you must log in first, send:

Send (_ T ("530 Please log in with USER and PASS first."))

Again, below.

PostThreadMessage-> PostThreadMessage (WM_FILEZILLA_THREADMSG, FTM_COMMAND, m_userid)

If all the orders are qualified, the following:

Switch (nCommandID)

To handle different commands, since this is the COMMAND_USER command, let's take a look at the process:

After some processing, the following is sent

Send (_ T ("331 Password required for") + args)

When the user is asked to enter a password, the client screen displays:

331 Password required for whg

Password:

After the user enters the password, enter, and then the ftp client will translate it into the standard FTP command "PASS 123456" and send it to the server. Let's take a look at how ParseCommand () handles this:

Case COMMAND_PASS:

Else if (DoUserLogin (args))

Send (_ T ("230Logged on"))

After DoUserLogin () determines that the login is successful, send a successful login message to the client, otherwise an error message will be sent:

Send (_ T ("530 Login or password incorrect!"))

If you take a closer look at CPermissions::CheckUserLogin (), you can see that the password is encrypted by MD5, and when the CServerThread is created, the member variables related to permissions are initialized:

M_pPermissions = new CPermissions

In CPermissions::Init (), call ReadSettings () to read all the user information (including passwords) into memory from the configuration file, so the password check is just a string comparison in memory.

After the user successfully logs in, the FTP client displays:

C:\ Documents and Settings\ Administrator > ftp localhost

Connected to dell.

220-FileZilla Server version 0.9.18 beta

220-written by Tim Kosse (Tim.Kosse@gmx.de)

220 Please visit http://sourceforge.net/projects/filezilla/

User (dell: (none)): whg

331 Password required for whg

Password:

230 Logged on

Ftp >

Now the FTP server is waiting for a new FTP command.

The above is the editor for you to share how to use the source code to analyze FileZilla, if you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.