Issue #2054: ftplib now provides an FTP_TLS class to do secure FTP using

TLS or SSL.  Patch by Giampaolo Rodola'.
This commit is contained in:
Antoine Pitrou 2009-11-15 17:22:09 +00:00
parent 82864d1ab1
commit ccd5e02d2b
4 changed files with 450 additions and 5 deletions

View File

@ -49,6 +49,41 @@ The module defines the following items:
.. versionchanged:: 2.6 .. versionchanged:: 2.6
*timeout* was added. *timeout* was added.
.. class:: FTP_TLS([host[, user[, passwd[, acct[, keyfile[, certfile[, timeout]]]]]]])
A :class:`FTP` subclass which adds TLS support to FTP as described in
:rfc:`4217`.
Connect as usual to port 21 implicitly securing the FTP control connection
before authenticating. Securing the data connection requires user to
explicitly ask for it by calling :exc:`prot_p()` method.
*keyfile* and *certfile* are optional - they can contain a PEM formatted
private key and certificate chain file for the SSL connection.
.. versionadded:: 2.7 Contributed by Giampaolo Rodola'
Here's a sample session using :class:`FTP_TLS` class:
>>> from ftplib import FTP_TLS
>>> ftps = FTP_TLS('ftp.python.org')
>>> ftps.login() # login anonimously previously securing control channel
>>> ftps.prot_p() # switch to secure data connection
>>> ftps.retrlines('LIST') # list directory content securely
total 9
drwxr-xr-x 8 root wheel 1024 Jan 3 1994 .
drwxr-xr-x 8 root wheel 1024 Jan 3 1994 ..
drwxr-xr-x 2 root wheel 1024 Jan 3 1994 bin
drwxr-xr-x 2 root wheel 1024 Jan 3 1994 etc
d-wxrwxr-x 2 ftp wheel 1024 Sep 5 13:43 incoming
drwxr-xr-x 2 root wheel 1024 Nov 17 1993 lib
drwxr-xr-x 6 1094 wheel 1024 Sep 13 19:07 pub
drwxr-xr-x 3 root wheel 1024 Jan 3 1994 usr
-rw-r--r-- 1 root root 312 Aug 1 1994 welcome.msg
'226 Transfer complete.'
>>> ftps.quit()
>>>
.. attribute:: all_errors .. attribute:: all_errors
@ -329,3 +364,26 @@ followed by ``lines`` for the text version or ``binary`` for the binary version.
:meth:`close` or :meth:`quit` you cannot reopen the connection by issuing :meth:`close` or :meth:`quit` you cannot reopen the connection by issuing
another :meth:`login` method). another :meth:`login` method).
FTP_TLS Objects
---------------
:class:`FTP_TLS` class inherits from :class:`FTP`, defining these additional objects:
.. attribute:: FTP_TLS.ssl_version
The SSL version to use (defaults to *TLSv1*).
.. method:: FTP_TLS.auth()
Set up secure control connection by using TLS or SSL, depending on what specified in :meth:`ssl_version` attribute.
.. method:: FTP_TLS.prot_p()
Set up secure data connection.
.. method:: FTP_TLS.prot_c()
Set up clear text data connection.

View File

@ -33,6 +33,7 @@ python ftplib.py -d localhost -l -p -l
# Modified by Jack to work on the mac. # Modified by Jack to work on the mac.
# Modified by Siebren to support docstrings and PASV. # Modified by Siebren to support docstrings and PASV.
# Modified by Phil Schwartz to add storbinary and storlines callbacks. # Modified by Phil Schwartz to add storbinary and storlines callbacks.
# Modified by Giampaolo Rodola' to add TLS support.
# #
import os import os
@ -575,6 +576,181 @@ class FTP:
self.file = self.sock = None self.file = self.sock = None
try:
import ssl
except ImportError:
pass
else:
class FTP_TLS(FTP):
'''A FTP subclass which adds TLS support to FTP as described
in RFC-4217.
Connect as usual to port 21 implicitly securing the FTP control
connection before authenticating.
Securing the data connection requires user to explicitly ask
for it by calling prot_p() method.
Usage example:
>>> from ftplib import FTP_TLS
>>> ftps = FTP_TLS('ftp.python.org')
>>> ftps.login() # login anonimously previously securing control channel
'230 Guest login ok, access restrictions apply.'
>>> ftps.prot_p() # switch to secure data connection
'200 Protection level set to P'
>>> ftps.retrlines('LIST') # list directory content securely
total 9
drwxr-xr-x 8 root wheel 1024 Jan 3 1994 .
drwxr-xr-x 8 root wheel 1024 Jan 3 1994 ..
drwxr-xr-x 2 root wheel 1024 Jan 3 1994 bin
drwxr-xr-x 2 root wheel 1024 Jan 3 1994 etc
d-wxrwxr-x 2 ftp wheel 1024 Sep 5 13:43 incoming
drwxr-xr-x 2 root wheel 1024 Nov 17 1993 lib
drwxr-xr-x 6 1094 wheel 1024 Sep 13 19:07 pub
drwxr-xr-x 3 root wheel 1024 Jan 3 1994 usr
-rw-r--r-- 1 root root 312 Aug 1 1994 welcome.msg
'226 Transfer complete.'
>>> ftps.quit()
'221 Goodbye.'
>>>
'''
ssl_version = ssl.PROTOCOL_TLSv1
def __init__(self, host='', user='', passwd='', acct='', keyfile=None,
certfile=None, timeout=_GLOBAL_DEFAULT_TIMEOUT):
self.keyfile = keyfile
self.certfile = certfile
self._prot_p = False
FTP.__init__(self, host, user, passwd, acct, timeout)
def login(self, user='', passwd='', acct='', secure=True):
if secure and not isinstance(self.sock, ssl.SSLSocket):
self.auth()
return FTP.login(self, user, passwd, acct)
def auth(self):
'''Set up secure control connection by using TLS/SSL.'''
if isinstance(self.sock, ssl.SSLSocket):
raise ValueError("Already using TLS")
if self.ssl_version == ssl.PROTOCOL_TLSv1:
resp = self.voidcmd('AUTH TLS')
else:
resp = self.voidcmd('AUTH SSL')
self.sock = ssl.wrap_socket(self.sock, self.keyfile, self.certfile,
ssl_version=self.ssl_version)
self.file = self.sock.makefile(mode='rb')
return resp
def prot_p(self):
'''Set up secure data connection.'''
# PROT defines whether or not the data channel is to be protected.
# Though RFC-2228 defines four possible protection levels,
# RFC-4217 only recommends two, Clear and Private.
# Clear (PROT C) means that no security is to be used on the
# data-channel, Private (PROT P) means that the data-channel
# should be protected by TLS.
# PBSZ command MUST still be issued, but must have a parameter of
# '0' to indicate that no buffering is taking place and the data
# connection should not be encapsulated.
self.voidcmd('PBSZ 0')
resp = self.voidcmd('PROT P')
self._prot_p = True
return resp
def prot_c(self):
'''Set up clear text data connection.'''
resp = self.voidcmd('PROT C')
self._prot_p = False
return resp
# --- Overridden FTP methods
def ntransfercmd(self, cmd, rest=None):
conn, size = FTP.ntransfercmd(self, cmd, rest)
if self._prot_p:
conn = ssl.wrap_socket(conn, self.keyfile, self.certfile,
ssl_version=self.ssl_version)
return conn, size
def retrbinary(self, cmd, callback, blocksize=8192, rest=None):
self.voidcmd('TYPE I')
conn = self.transfercmd(cmd, rest)
try:
while 1:
data = conn.recv(blocksize)
if not data:
break
callback(data)
# shutdown ssl layer
if isinstance(conn, ssl.SSLSocket):
conn.unwrap()
finally:
conn.close()
return self.voidresp()
def retrlines(self, cmd, callback = None):
if callback is None: callback = print_line
resp = self.sendcmd('TYPE A')
conn = self.transfercmd(cmd)
fp = conn.makefile('rb')
try:
while 1:
line = fp.readline()
if self.debugging > 2: print '*retr*', repr(line)
if not line:
break
if line[-2:] == CRLF:
line = line[:-2]
elif line[-1:] == '\n':
line = line[:-1]
callback(line)
# shutdown ssl layer
if isinstance(conn, ssl.SSLSocket):
conn.unwrap()
finally:
fp.close()
conn.close()
return self.voidresp()
def storbinary(self, cmd, fp, blocksize=8192, callback=None):
self.voidcmd('TYPE I')
conn = self.transfercmd(cmd)
try:
while 1:
buf = fp.read(blocksize)
if not buf: break
conn.sendall(buf)
if callback: callback(buf)
# shutdown ssl layer
if isinstance(conn, ssl.SSLSocket):
conn.unwrap()
finally:
conn.close()
return self.voidresp()
def storlines(self, cmd, fp, callback=None):
self.voidcmd('TYPE A')
conn = self.transfercmd(cmd)
try:
while 1:
buf = fp.readline()
if not buf: break
if buf[-2:] != CRLF:
if buf[-1] in CRLF: buf = buf[:-1]
buf = buf + CRLF
conn.sendall(buf)
if callback: callback(buf)
# shutdown ssl layer
if isinstance(conn, ssl.SSLSocket):
conn.unwrap()
finally:
conn.close()
return self.voidresp()
__all__.append('FTP_TLS')
all_errors = (Error, IOError, EOFError, ssl.SSLError)
_150_re = None _150_re = None
def parse150(resp): def parse150(resp):

View File

@ -1,6 +1,7 @@
"""Test script for ftplib module.""" """Test script for ftplib module."""
# Modified by Giampaolo Rodola' to test FTP class and IPv6 environment # Modified by Giampaolo Rodola' to test FTP class, IPv6 and TLS
# environment
import ftplib import ftplib
import threading import threading
@ -8,6 +9,12 @@ import asyncore
import asynchat import asynchat
import socket import socket
import StringIO import StringIO
import errno
import os
try:
import ssl
except ImportError:
ssl = None
from unittest import TestCase from unittest import TestCase
from test import test_support from test import test_support
@ -38,6 +45,8 @@ class DummyDTPHandler(asynchat.async_chat):
class DummyFTPHandler(asynchat.async_chat): class DummyFTPHandler(asynchat.async_chat):
dtp_handler = DummyDTPHandler
def __init__(self, conn): def __init__(self, conn):
asynchat.async_chat.__init__(self, conn) asynchat.async_chat.__init__(self, conn)
self.set_terminator("\r\n") self.set_terminator("\r\n")
@ -81,7 +90,7 @@ class DummyFTPHandler(asynchat.async_chat):
ip = '%d.%d.%d.%d' %tuple(addr[:4]) ip = '%d.%d.%d.%d' %tuple(addr[:4])
port = (addr[4] * 256) + addr[5] port = (addr[4] * 256) + addr[5]
s = socket.create_connection((ip, port), timeout=2) s = socket.create_connection((ip, port), timeout=2)
self.dtp = DummyDTPHandler(s, baseclass=self) self.dtp = self.dtp_handler(s, baseclass=self)
self.push('200 active data connection established') self.push('200 active data connection established')
def cmd_pasv(self, arg): def cmd_pasv(self, arg):
@ -93,13 +102,13 @@ class DummyFTPHandler(asynchat.async_chat):
ip = ip.replace('.', ','); p1 = port / 256; p2 = port % 256 ip = ip.replace('.', ','); p1 = port / 256; p2 = port % 256
self.push('227 entering passive mode (%s,%d,%d)' %(ip, p1, p2)) self.push('227 entering passive mode (%s,%d,%d)' %(ip, p1, p2))
conn, addr = sock.accept() conn, addr = sock.accept()
self.dtp = DummyDTPHandler(conn, baseclass=self) self.dtp = self.dtp_handler(conn, baseclass=self)
def cmd_eprt(self, arg): def cmd_eprt(self, arg):
af, ip, port = arg.split(arg[0])[1:-1] af, ip, port = arg.split(arg[0])[1:-1]
port = int(port) port = int(port)
s = socket.create_connection((ip, port), timeout=2) s = socket.create_connection((ip, port), timeout=2)
self.dtp = DummyDTPHandler(s, baseclass=self) self.dtp = self.dtp_handler(s, baseclass=self)
self.push('200 active data connection established') self.push('200 active data connection established')
def cmd_epsv(self, arg): def cmd_epsv(self, arg):
@ -110,7 +119,7 @@ class DummyFTPHandler(asynchat.async_chat):
port = sock.getsockname()[1] port = sock.getsockname()[1]
self.push('229 entering extended passive mode (|||%d|)' %port) self.push('229 entering extended passive mode (|||%d|)' %port)
conn, addr = sock.accept() conn, addr = sock.accept()
self.dtp = DummyDTPHandler(conn, baseclass=self) self.dtp = self.dtp_handler(conn, baseclass=self)
def cmd_echo(self, arg): def cmd_echo(self, arg):
# sends back the received string (used by the test suite) # sends back the received string (used by the test suite)
@ -225,6 +234,126 @@ class DummyFTPServer(asyncore.dispatcher, threading.Thread):
raise raise
if ssl is not None:
CERTFILE = os.path.join(os.path.dirname(__file__), "keycert.pem")
class SSLConnection(object, asyncore.dispatcher):
"""An asyncore.dispatcher subclass supporting TLS/SSL."""
_ssl_accepting = False
def secure_connection(self):
self.socket = ssl.wrap_socket(self.socket, suppress_ragged_eofs=False,
certfile=CERTFILE, server_side=True,
do_handshake_on_connect=False,
ssl_version=ssl.PROTOCOL_SSLv23)
self._ssl_accepting = True
def _do_ssl_handshake(self):
try:
self.socket.do_handshake()
except ssl.SSLError, err:
if err.args[0] in (ssl.SSL_ERROR_WANT_READ,
ssl.SSL_ERROR_WANT_WRITE):
return
elif err.args[0] == ssl.SSL_ERROR_EOF:
return self.handle_close()
raise
except socket.error, err:
if err.args[0] == errno.ECONNABORTED:
return self.handle_close()
else:
self._ssl_accepting = False
def handle_read_event(self):
if self._ssl_accepting:
self._do_ssl_handshake()
else:
super(SSLConnection, self).handle_read_event()
def handle_write_event(self):
if self._ssl_accepting:
self._do_ssl_handshake()
else:
super(SSLConnection, self).handle_write_event()
def send(self, data):
try:
return super(SSLConnection, self).send(data)
except ssl.SSLError, err:
if err.args[0] in (ssl.SSL_ERROR_EOF, ssl.SSL_ERROR_ZERO_RETURN):
return 0
raise
def recv(self, buffer_size):
try:
return super(SSLConnection, self).recv(buffer_size)
except ssl.SSLError, err:
if err.args[0] in (ssl.SSL_ERROR_EOF, ssl.SSL_ERROR_ZERO_RETURN):
self.handle_close()
return ''
raise
def handle_error(self):
raise
def close(self):
try:
if isinstance(self.socket, ssl.SSLSocket):
if self.socket._sslobj is not None:
self.socket.unwrap()
finally:
super(SSLConnection, self).close()
class DummyTLS_DTPHandler(SSLConnection, DummyDTPHandler):
"""A DummyDTPHandler subclass supporting TLS/SSL."""
def __init__(self, conn, baseclass):
DummyDTPHandler.__init__(self, conn, baseclass)
if self.baseclass.secure_data_channel:
self.secure_connection()
class DummyTLS_FTPHandler(SSLConnection, DummyFTPHandler):
"""A DummyFTPHandler subclass supporting TLS/SSL."""
dtp_handler = DummyTLS_DTPHandler
def __init__(self, conn):
DummyFTPHandler.__init__(self, conn)
self.secure_data_channel = False
def cmd_auth(self, line):
"""Set up secure control channel."""
self.push('234 AUTH TLS successful')
self.secure_connection()
def cmd_pbsz(self, line):
"""Negotiate size of buffer for secure data transfer.
For TLS/SSL the only valid value for the parameter is '0'.
Any other value is accepted but ignored.
"""
self.push('200 PBSZ=0 successful.')
def cmd_prot(self, line):
"""Setup un/secure data channel."""
arg = line.upper()
if arg == 'C':
self.push('200 Protection set to Clear')
self.secure_data_channel = False
elif arg == 'P':
self.push('200 Protection set to Private')
self.secure_data_channel = True
else:
self.push("502 Unrecognized PROT type (use C or P).")
class DummyTLS_FTPServer(DummyFTPServer):
handler = DummyTLS_FTPHandler
class TestFTPClass(TestCase): class TestFTPClass(TestCase):
def setUp(self): def setUp(self):
@ -398,6 +527,81 @@ class TestIPv6Environment(TestCase):
retr() retr()
class TestTLS_FTPClassMixin(TestFTPClass):
"""Repeat TestFTPClass tests starting the TLS layer for both control
and data connections first.
"""
def setUp(self):
self.server = DummyTLS_FTPServer((HOST, 0))
self.server.start()
self.client = ftplib.FTP_TLS(timeout=2)
self.client.connect(self.server.host, self.server.port)
# enable TLS
self.client.auth()
self.client.prot_p()
class TestTLS_FTPClass(TestCase):
"""Specific TLS_FTP class tests."""
def setUp(self):
self.server = DummyTLS_FTPServer((HOST, 0))
self.server.start()
self.client = ftplib.FTP_TLS(timeout=2)
self.client.connect(self.server.host, self.server.port)
def tearDown(self):
self.client.close()
self.server.stop()
def test_control_connection(self):
self.assertFalse(isinstance(self.client.sock, ssl.SSLSocket))
self.client.auth()
self.assertTrue(isinstance(self.client.sock, ssl.SSLSocket))
def test_data_connection(self):
# clear text
sock = self.client.transfercmd('list')
self.assertFalse(isinstance(sock, ssl.SSLSocket))
sock.close()
self.client.voidresp()
# secured, after PROT P
self.client.prot_p()
sock = self.client.transfercmd('list')
self.assertTrue(isinstance(sock, ssl.SSLSocket))
sock.close()
self.client.voidresp()
# PROT C is issued, the connection must be in cleartext again
self.client.prot_c()
sock = self.client.transfercmd('list')
self.assertFalse(isinstance(sock, ssl.SSLSocket))
sock.close()
self.client.voidresp()
def test_login(self):
# login() is supposed to implicitly secure the control connection
self.assertFalse(isinstance(self.client.sock, ssl.SSLSocket))
self.client.login()
self.assertTrue(isinstance(self.client.sock, ssl.SSLSocket))
# make sure that AUTH TLS doesn't get issued again
self.client.login()
def test_auth_issued_twice(self):
self.client.auth()
self.assertRaises(ValueError, self.client.auth)
def test_auth_ssl(self):
try:
self.client.ssl_version = ssl.PROTOCOL_SSLv3
self.client.auth()
self.assertRaises(ValueError, self.client.auth)
finally:
self.client.ssl_version = ssl.PROTOCOL_TLSv1
class TestTimeouts(TestCase): class TestTimeouts(TestCase):
def setUp(self): def setUp(self):
@ -499,6 +703,10 @@ def test_main():
pass pass
else: else:
tests.append(TestIPv6Environment) tests.append(TestIPv6Environment)
if ssl is not None:
tests.extend([TestTLS_FTPClassMixin, TestTLS_FTPClass])
thread_info = test_support.threading_setup() thread_info = test_support.threading_setup()
try: try:
test_support.run_unittest(*tests) test_support.run_unittest(*tests)

View File

@ -429,6 +429,9 @@ Core and Builtins
Library Library
------- -------
- Issue #2054: ftplib now provides an FTP_TLS class to do secure FTP using
TLS or SSL. Patch by Giampaolo Rodola'.
- Issue #4969: The mimetypes module now reads the MIME database from - Issue #4969: The mimetypes module now reads the MIME database from
the registry under Windows. Patch by Gabriel Genellina. the registry under Windows. Patch by Gabriel Genellina.