Issue #2054: ftplib now provides an FTP_TLS class to do secure FTP using

TLS or SSL. Patch by Giampaolo Rodola'.
2009-11-15 17:22:09 +00:00 · 2009-11-15 17:22:09 +00:00 · ccd5e02d2b
parent 82864d1ab1
commit ccd5e02d2b
4 changed files with 450 additions and 5 deletions
--- a/Doc/library/ftplib.rst
+++ b/Doc/library/ftplib.rst
@ -49,6 +49,41 @@ The module defines the following items:
   .. versionchanged:: 2.6
      *timeout* was added.
 .. class:: FTP_TLS([host[, user[, passwd[, acct[, keyfile[, certfile[, timeout]]]]]]])
   A :class:`FTP` subclass which adds TLS support to FTP as described in
   :rfc:`4217`.
   Connect as usual to port 21 implicitly securing the FTP control connection
   before authenticating. Securing the data connection requires user to
   explicitly ask for it by calling :exc:`prot_p()` method.
   *keyfile* and *certfile* are optional - they can contain a PEM formatted
   private key and certificate chain file for the SSL connection.
   .. versionadded:: 2.7 Contributed by Giampaolo Rodola'
   Here's a sample session using :class:`FTP_TLS` class:
   >>> from ftplib import FTP_TLS
   >>> ftps = FTP_TLS('ftp.python.org')
   >>> ftps.login()              # login anonimously previously securing control channel
   >>> ftps.prot_p()             # switch to secure data connection
   >>> ftps.retrlines('LIST')    # list directory content securely
   total 9
   drwxr-xr-x   8 root     wheel        1024 Jan  3  1994 .
   drwxr-xr-x   8 root     wheel        1024 Jan  3  1994 ..
   drwxr-xr-x   2 root     wheel        1024 Jan  3  1994 bin
   drwxr-xr-x   2 root     wheel        1024 Jan  3  1994 etc
   d-wxrwxr-x   2 ftp      wheel        1024 Sep  5 13:43 incoming
   drwxr-xr-x   2 root     wheel        1024 Nov 17  1993 lib
   drwxr-xr-x   6 1094     wheel        1024 Sep 13 19:07 pub
   drwxr-xr-x   3 root     wheel        1024 Jan  3  1994 usr
   -rw-r--r--   1 root     root          312 Aug  1  1994 welcome.msg
   '226 Transfer complete.'
   >>> ftps.quit()
   >>>
   .. attribute:: all_errors
@ -329,3 +364,26 @@ followed by ``lines`` for the text version or ``binary`` for the binary version.
   :meth:`close` or :meth:`quit` you cannot reopen the connection by issuing
   another :meth:`login` method).
 FTP_TLS Objects
 ---------------
 :class:`FTP_TLS` class inherits from :class:`FTP`, defining these additional objects:
 .. attribute:: FTP_TLS.ssl_version
   The SSL version to use (defaults to *TLSv1*).
 .. method:: FTP_TLS.auth()
   Set up secure control connection by using TLS or SSL, depending on what specified in :meth:`ssl_version` attribute.
 .. method:: FTP_TLS.prot_p()
   Set up secure data connection.
 .. method:: FTP_TLS.prot_c()
   Set up clear text data connection.
--- a/Lib/ftplib.py
+++ b/Lib/ftplib.py
@ -33,6 +33,7 @@ python ftplib.py -d localhost -l -p -l
 # Modified by Jack to work on the mac.
 # Modified by Siebren to support docstrings and PASV.
 # Modified by Phil Schwartz to add storbinary and storlines callbacks.
 # Modified by Giampaolo Rodola' to add TLS support.
 #
 import os
@ -575,6 +576,181 @@ class FTP:
            self.file = self.sock = None
 try:
    import ssl
 except ImportError:
    pass
 else:
    class FTP_TLS(FTP):
        '''A FTP subclass which adds TLS support to FTP as described
        in RFC-4217.
        Connect as usual to port 21 implicitly securing the FTP control
        connection before authenticating.
        Securing the data connection requires user to explicitly ask
        for it by calling prot_p() method.
        Usage example:
        >>> from ftplib import FTP_TLS
        >>> ftps = FTP_TLS('ftp.python.org')
        >>> ftps.login()  # login anonimously previously securing control channel
        '230 Guest login ok, access restrictions apply.'
        >>> ftps.prot_p()  # switch to secure data connection
        '200 Protection level set to P'
        >>> ftps.retrlines('LIST')  # list directory content securely
        total 9
        drwxr-xr-x   8 root     wheel        1024 Jan  3  1994 .
        drwxr-xr-x   8 root     wheel        1024 Jan  3  1994 ..
        drwxr-xr-x   2 root     wheel        1024 Jan  3  1994 bin
        drwxr-xr-x   2 root     wheel        1024 Jan  3  1994 etc
        d-wxrwxr-x   2 ftp      wheel        1024 Sep  5 13:43 incoming
        drwxr-xr-x   2 root     wheel        1024 Nov 17  1993 lib
        drwxr-xr-x   6 1094     wheel        1024 Sep 13 19:07 pub
        drwxr-xr-x   3 root     wheel        1024 Jan  3  1994 usr
        -rw-r--r--   1 root     root          312 Aug  1  1994 welcome.msg
        '226 Transfer complete.'
        >>> ftps.quit()
        '221 Goodbye.'
        >>>
        '''
        ssl_version = ssl.PROTOCOL_TLSv1
        def __init__(self, host='', user='', passwd='', acct='', keyfile=None,
                     certfile=None, timeout=_GLOBAL_DEFAULT_TIMEOUT):
            self.keyfile = keyfile
            self.certfile = certfile
            self._prot_p = False
            FTP.__init__(self, host, user, passwd, acct, timeout)
        def login(self, user='', passwd='', acct='', secure=True):
            if secure and not isinstance(self.sock, ssl.SSLSocket):
                self.auth()
            return FTP.login(self, user, passwd, acct)
        def auth(self):
            '''Set up secure control connection by using TLS/SSL.'''
            if isinstance(self.sock, ssl.SSLSocket):
                raise ValueError("Already using TLS")
            if self.ssl_version == ssl.PROTOCOL_TLSv1:
                resp = self.voidcmd('AUTH TLS')
            else:
                resp = self.voidcmd('AUTH SSL')
            self.sock = ssl.wrap_socket(self.sock, self.keyfile, self.certfile,
                                        ssl_version=self.ssl_version)
            self.file = self.sock.makefile(mode='rb')
            return resp
        def prot_p(self):
            '''Set up secure data connection.'''
            # PROT defines whether or not the data channel is to be protected.
            # Though RFC-2228 defines four possible protection levels,
            # RFC-4217 only recommends two, Clear and Private.
            # Clear (PROT C) means that no security is to be used on the
            # data-channel, Private (PROT P) means that the data-channel
            # should be protected by TLS.
            # PBSZ command MUST still be issued, but must have a parameter of
            # '0' to indicate that no buffering is taking place and the data
            # connection should not be encapsulated.
            self.voidcmd('PBSZ 0')
            resp = self.voidcmd('PROT P')
            self._prot_p = True
            return resp
        def prot_c(self):
            '''Set up clear text data connection.'''
            resp = self.voidcmd('PROT C')
            self._prot_p = False
            return resp
        # --- Overridden FTP methods
        def ntransfercmd(self, cmd, rest=None):
            conn, size = FTP.ntransfercmd(self, cmd, rest)
            if self._prot_p:
                conn = ssl.wrap_socket(conn, self.keyfile, self.certfile,
                                       ssl_version=self.ssl_version)
            return conn, size
        def retrbinary(self, cmd, callback, blocksize=8192, rest=None):
            self.voidcmd('TYPE I')
            conn = self.transfercmd(cmd, rest)
            try:
                while 1:
                    data = conn.recv(blocksize)
                    if not data:
                        break
                    callback(data)
                # shutdown ssl layer
                if isinstance(conn, ssl.SSLSocket):
                    conn.unwrap()
            finally:
                conn.close()
            return self.voidresp()
        def retrlines(self, cmd, callback = None):
            if callback is None: callback = print_line
            resp = self.sendcmd('TYPE A')
            conn = self.transfercmd(cmd)
            fp = conn.makefile('rb')
            try:
                while 1:
                    line = fp.readline()
                    if self.debugging > 2: print '*retr*', repr(line)
                    if not line:
                        break
                    if line[-2:] == CRLF:
                        line = line[:-2]
                    elif line[-1:] == '\n':
                        line = line[:-1]
                    callback(line)
                # shutdown ssl layer
                if isinstance(conn, ssl.SSLSocket):
                    conn.unwrap()
            finally:
                fp.close()
                conn.close()
            return self.voidresp()
        def storbinary(self, cmd, fp, blocksize=8192, callback=None):
            self.voidcmd('TYPE I')
            conn = self.transfercmd(cmd)
            try:
                while 1:
                    buf = fp.read(blocksize)
                    if not buf: break
                    conn.sendall(buf)
                    if callback: callback(buf)
                # shutdown ssl layer
                if isinstance(conn, ssl.SSLSocket):
                    conn.unwrap()
            finally:
                conn.close()
            return self.voidresp()
        def storlines(self, cmd, fp, callback=None):
            self.voidcmd('TYPE A')
            conn = self.transfercmd(cmd)
            try:
                while 1:
                    buf = fp.readline()
                    if not buf: break
                    if buf[-2:] != CRLF:
                        if buf[-1] in CRLF: buf = buf[:-1]
                        buf = buf + CRLF
                    conn.sendall(buf)
                    if callback: callback(buf)
                # shutdown ssl layer
                if isinstance(conn, ssl.SSLSocket):
                    conn.unwrap()
            finally:
                conn.close()
            return self.voidresp()
    __all__.append('FTP_TLS')
    all_errors = (Error, IOError, EOFError, ssl.SSLError)
 _150_re = None
 def parse150(resp):
--- a/Lib/test/test_ftplib.py
+++ b/Lib/test/test_ftplib.py
@ -1,6 +1,7 @@
 """Test script for ftplib module."""
-# Modified by Giampaolo Rodola' to test FTP class and IPv6 environment
+# Modified by Giampaolo Rodola' to test FTP class, IPv6 and TLS
 # environment
 import ftplib
 import threading
@ -8,6 +9,12 @@ import asyncore
 import asynchat
 import socket
 import StringIO
 import errno
 import os
 try:
    import ssl
 except ImportError:
    ssl = None
 from unittest import TestCase
 from test import test_support
@ -38,6 +45,8 @@ class DummyDTPHandler(asynchat.async_chat):
 class DummyFTPHandler(asynchat.async_chat):
    dtp_handler = DummyDTPHandler
    def __init__(self, conn):
        asynchat.async_chat.__init__(self, conn)
        self.set_terminator("\r\n")
@ -81,7 +90,7 @@ class DummyFTPHandler(asynchat.async_chat):
        ip = '%d.%d.%d.%d' %tuple(addr[:4])
        port = (addr[4] * 256) + addr[5]
        s = socket.create_connection((ip, port), timeout=2)
-        self.dtp = DummyDTPHandler(s, baseclass=self)
+        self.dtp = self.dtp_handler(s, baseclass=self)
        self.push('200 active data connection established')
    def cmd_pasv(self, arg):
@ -93,13 +102,13 @@ class DummyFTPHandler(asynchat.async_chat):
        ip = ip.replace('.', ','); p1 = port / 256; p2 = port % 256
        self.push('227 entering passive mode (%s,%d,%d)' %(ip, p1, p2))
        conn, addr = sock.accept()
-        self.dtp = DummyDTPHandler(conn, baseclass=self)
+        self.dtp = self.dtp_handler(conn, baseclass=self)
    def cmd_eprt(self, arg):
        af, ip, port = arg.split(arg[0])[1:-1]
        port = int(port)
        s = socket.create_connection((ip, port), timeout=2)
-        self.dtp = DummyDTPHandler(s, baseclass=self)
+        self.dtp = self.dtp_handler(s, baseclass=self)
        self.push('200 active data connection established')
    def cmd_epsv(self, arg):
@ -110,7 +119,7 @@ class DummyFTPHandler(asynchat.async_chat):
        port = sock.getsockname()[1]
        self.push('229 entering extended passive mode (|||%d|)' %port)
        conn, addr = sock.accept()
-        self.dtp = DummyDTPHandler(conn, baseclass=self)
+        self.dtp = self.dtp_handler(conn, baseclass=self)
    def cmd_echo(self, arg):
        # sends back the received string (used by the test suite)
@ -225,6 +234,126 @@ class DummyFTPServer(asyncore.dispatcher, threading.Thread):
        raise
 if ssl is not None:
    CERTFILE = os.path.join(os.path.dirname(__file__), "keycert.pem")
    class SSLConnection(object, asyncore.dispatcher):
        """An asyncore.dispatcher subclass supporting TLS/SSL."""
        _ssl_accepting = False
        def secure_connection(self):
            self.socket = ssl.wrap_socket(self.socket, suppress_ragged_eofs=False,
                                          certfile=CERTFILE, server_side=True,
                                          do_handshake_on_connect=False,
                                          ssl_version=ssl.PROTOCOL_SSLv23)
            self._ssl_accepting = True
        def _do_ssl_handshake(self):
            try:
                self.socket.do_handshake()
            except ssl.SSLError, err:
                if err.args[0] in (ssl.SSL_ERROR_WANT_READ,
                                   ssl.SSL_ERROR_WANT_WRITE):
                    return
                elif err.args[0] == ssl.SSL_ERROR_EOF:
                    return self.handle_close()
                raise
            except socket.error, err:
                if err.args[0] == errno.ECONNABORTED:
                    return self.handle_close()
            else:
                self._ssl_accepting = False
        def handle_read_event(self):
            if self._ssl_accepting:
                self._do_ssl_handshake()
            else:
                super(SSLConnection, self).handle_read_event()
        def handle_write_event(self):
            if self._ssl_accepting:
                self._do_ssl_handshake()
            else:
                super(SSLConnection, self).handle_write_event()
        def send(self, data):
            try:
                return super(SSLConnection, self).send(data)
            except ssl.SSLError, err:
                if err.args[0] in (ssl.SSL_ERROR_EOF, ssl.SSL_ERROR_ZERO_RETURN):
                    return 0
                raise
        def recv(self, buffer_size):
            try:
                return super(SSLConnection, self).recv(buffer_size)
            except ssl.SSLError, err:
                if err.args[0] in (ssl.SSL_ERROR_EOF, ssl.SSL_ERROR_ZERO_RETURN):
                    self.handle_close()
                    return ''
                raise
        def handle_error(self):
            raise
        def close(self):
            try:
                if isinstance(self.socket, ssl.SSLSocket):
                    if self.socket._sslobj is not None:
                        self.socket.unwrap()
            finally:
                super(SSLConnection, self).close()
    class DummyTLS_DTPHandler(SSLConnection, DummyDTPHandler):
        """A DummyDTPHandler subclass supporting TLS/SSL."""
        def __init__(self, conn, baseclass):
            DummyDTPHandler.__init__(self, conn, baseclass)
            if self.baseclass.secure_data_channel:
                self.secure_connection()
    class DummyTLS_FTPHandler(SSLConnection, DummyFTPHandler):
        """A DummyFTPHandler subclass supporting TLS/SSL."""
        dtp_handler = DummyTLS_DTPHandler
        def __init__(self, conn):
            DummyFTPHandler.__init__(self, conn)
            self.secure_data_channel = False
        def cmd_auth(self, line):
            """Set up secure control channel."""
            self.push('234 AUTH TLS successful')
            self.secure_connection()
        def cmd_pbsz(self, line):
            """Negotiate size of buffer for secure data transfer.
            For TLS/SSL the only valid value for the parameter is '0'.
            Any other value is accepted but ignored.
            """
            self.push('200 PBSZ=0 successful.')
        def cmd_prot(self, line):
            """Setup un/secure data channel."""
            arg = line.upper()
            if arg == 'C':
                self.push('200 Protection set to Clear')
                self.secure_data_channel = False
            elif arg == 'P':
                self.push('200 Protection set to Private')
                self.secure_data_channel = True
            else:
                self.push("502 Unrecognized PROT type (use C or P).")
    class DummyTLS_FTPServer(DummyFTPServer):
        handler = DummyTLS_FTPHandler
 class TestFTPClass(TestCase):
    def setUp(self):
@ -398,6 +527,81 @@ class TestIPv6Environment(TestCase):
        retr()
 class TestTLS_FTPClassMixin(TestFTPClass):
    """Repeat TestFTPClass tests starting the TLS layer for both control
    and data connections first.
    """
    def setUp(self):
        self.server = DummyTLS_FTPServer((HOST, 0))
        self.server.start()
        self.client = ftplib.FTP_TLS(timeout=2)
        self.client.connect(self.server.host, self.server.port)
        # enable TLS
        self.client.auth()
        self.client.prot_p()
 class TestTLS_FTPClass(TestCase):
    """Specific TLS_FTP class tests."""
    def setUp(self):
        self.server = DummyTLS_FTPServer((HOST, 0))
        self.server.start()
        self.client = ftplib.FTP_TLS(timeout=2)
        self.client.connect(self.server.host, self.server.port)
    def tearDown(self):
        self.client.close()
        self.server.stop()
    def test_control_connection(self):
        self.assertFalse(isinstance(self.client.sock, ssl.SSLSocket))
        self.client.auth()
        self.assertTrue(isinstance(self.client.sock, ssl.SSLSocket))
    def test_data_connection(self):
        # clear text
        sock = self.client.transfercmd('list')
        self.assertFalse(isinstance(sock, ssl.SSLSocket))
        sock.close()
        self.client.voidresp()
        # secured, after PROT P
        self.client.prot_p()
        sock = self.client.transfercmd('list')
        self.assertTrue(isinstance(sock, ssl.SSLSocket))
        sock.close()
        self.client.voidresp()
        # PROT C is issued, the connection must be in cleartext again
        self.client.prot_c()
        sock = self.client.transfercmd('list')
        self.assertFalse(isinstance(sock, ssl.SSLSocket))
        sock.close()
        self.client.voidresp()
    def test_login(self):
        # login() is supposed to implicitly secure the control connection
        self.assertFalse(isinstance(self.client.sock, ssl.SSLSocket))
        self.client.login()
        self.assertTrue(isinstance(self.client.sock, ssl.SSLSocket))
        # make sure that AUTH TLS doesn't get issued again
        self.client.login()
    def test_auth_issued_twice(self):
        self.client.auth()
        self.assertRaises(ValueError, self.client.auth)
    def test_auth_ssl(self):
        try:
            self.client.ssl_version = ssl.PROTOCOL_SSLv3
            self.client.auth()
            self.assertRaises(ValueError, self.client.auth)
        finally:
            self.client.ssl_version = ssl.PROTOCOL_TLSv1
 class TestTimeouts(TestCase):
    def setUp(self):
@ -499,6 +703,10 @@ def test_main():
            pass
        else:
            tests.append(TestIPv6Environment)
    if ssl is not None:
        tests.extend([TestTLS_FTPClassMixin, TestTLS_FTPClass])
    thread_info = test_support.threading_setup()
    try:
        test_support.run_unittest(*tests)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@ -429,6 +429,9 @@ Core and Builtins
 Library
 -------
 - Issue #2054: ftplib now provides an FTP_TLS class to do secure FTP using
  TLS or SSL.  Patch by Giampaolo Rodola'.
 - Issue #4969: The mimetypes module now reads the MIME database from
  the registry under Windows.  Patch by Gabriel Genellina.