Merged revisions 76309 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk ........ r76309 | antoine.pitrou | 2009-11-15 18:22:09 +0100 (dim., 15 nov. 2009) | 4 lines Issue #2054: ftplib now provides an FTP_TLS class to do secure FTP using TLS or SSL. Patch by Giampaolo Rodola'. ........
This commit is contained in:
parent
1309adb06a
commit
f988cd03fb
|
@ -46,6 +46,42 @@ The module defines the following items:
|
||||||
connection attempt (if is not specified, the global default timeout setting
|
connection attempt (if is not specified, the global default timeout setting
|
||||||
will be used).
|
will be used).
|
||||||
|
|
||||||
|
.. class:: FTP_TLS(host='', user='', passwd='', acct='', [keyfile[, certfile[, timeout]]])
|
||||||
|
|
||||||
|
A :class:`FTP` subclass which adds TLS support to FTP as described in
|
||||||
|
:rfc:`4217`.
|
||||||
|
Connect as usual to port 21 implicitly securing the FTP control connection
|
||||||
|
before authenticating. Securing the data connection requires user to
|
||||||
|
explicitly ask for it by calling :exc:`prot_p()` method.
|
||||||
|
*keyfile* and *certfile* are optional - they can contain a PEM formatted
|
||||||
|
private key and certificate chain file for the SSL connection.
|
||||||
|
|
||||||
|
.. versionadded:: 3.2 Contributed by Giampaolo Rodola'
|
||||||
|
|
||||||
|
|
||||||
|
Here's a sample session using :class:`FTP_TLS` class:
|
||||||
|
|
||||||
|
>>> from ftplib import FTP_TLS
|
||||||
|
>>> ftps = FTP_TLS('ftp.python.org')
|
||||||
|
>>> ftps.login() # login anonimously previously securing control channel
|
||||||
|
>>> ftps.prot_p() # switch to secure data connection
|
||||||
|
>>> ftps.retrlines('LIST') # list directory content securely
|
||||||
|
total 9
|
||||||
|
drwxr-xr-x 8 root wheel 1024 Jan 3 1994 .
|
||||||
|
drwxr-xr-x 8 root wheel 1024 Jan 3 1994 ..
|
||||||
|
drwxr-xr-x 2 root wheel 1024 Jan 3 1994 bin
|
||||||
|
drwxr-xr-x 2 root wheel 1024 Jan 3 1994 etc
|
||||||
|
d-wxrwxr-x 2 ftp wheel 1024 Sep 5 13:43 incoming
|
||||||
|
drwxr-xr-x 2 root wheel 1024 Nov 17 1993 lib
|
||||||
|
drwxr-xr-x 6 1094 wheel 1024 Sep 13 19:07 pub
|
||||||
|
drwxr-xr-x 3 root wheel 1024 Jan 3 1994 usr
|
||||||
|
-rw-r--r-- 1 root root 312 Aug 1 1994 welcome.msg
|
||||||
|
'226 Transfer complete.'
|
||||||
|
>>> ftps.quit()
|
||||||
|
>>>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
.. attribute:: all_errors
|
.. attribute:: all_errors
|
||||||
|
|
||||||
The set of all exceptions (as a tuple) that methods of :class:`FTP`
|
The set of all exceptions (as a tuple) that methods of :class:`FTP`
|
||||||
|
@ -312,3 +348,26 @@ followed by ``lines`` for the text version or ``binary`` for the binary version.
|
||||||
:meth:`close` or :meth:`quit` you cannot reopen the connection by issuing
|
:meth:`close` or :meth:`quit` you cannot reopen the connection by issuing
|
||||||
another :meth:`login` method).
|
another :meth:`login` method).
|
||||||
|
|
||||||
|
|
||||||
|
FTP_TLS Objects
|
||||||
|
---------------
|
||||||
|
|
||||||
|
:class:`FTP_TLS` class inherits from :class:`FTP`, defining these additional objects:
|
||||||
|
|
||||||
|
.. attribute:: FTP_TLS.ssl_version
|
||||||
|
|
||||||
|
The SSL version to use (defaults to *TLSv1*).
|
||||||
|
|
||||||
|
.. method:: FTP_TLS.auth()
|
||||||
|
|
||||||
|
Set up secure control connection by using TLS or SSL, depending on what specified in :meth:`ssl_version` attribute.
|
||||||
|
|
||||||
|
.. method:: FTP_TLS.prot_p()
|
||||||
|
|
||||||
|
Set up secure data connection.
|
||||||
|
|
||||||
|
.. method:: FTP_TLS.prot_c()
|
||||||
|
|
||||||
|
Set up clear text data connection.
|
||||||
|
|
||||||
|
|
||||||
|
|
176
Lib/ftplib.py
176
Lib/ftplib.py
|
@ -33,6 +33,7 @@ python ftplib.py -d localhost -l -p -l
|
||||||
# Modified by Jack to work on the mac.
|
# Modified by Jack to work on the mac.
|
||||||
# Modified by Siebren to support docstrings and PASV.
|
# Modified by Siebren to support docstrings and PASV.
|
||||||
# Modified by Phil Schwartz to add storbinary and storlines callbacks.
|
# Modified by Phil Schwartz to add storbinary and storlines callbacks.
|
||||||
|
# Modified by Giampaolo Rodola' to add TLS support.
|
||||||
#
|
#
|
||||||
|
|
||||||
import os
|
import os
|
||||||
|
@ -577,6 +578,181 @@ class FTP:
|
||||||
self.file = self.sock = None
|
self.file = self.sock = None
|
||||||
|
|
||||||
|
|
||||||
|
try:
|
||||||
|
import ssl
|
||||||
|
except ImportError:
|
||||||
|
pass
|
||||||
|
else:
|
||||||
|
class FTP_TLS(FTP):
|
||||||
|
'''A FTP subclass which adds TLS support to FTP as described
|
||||||
|
in RFC-4217.
|
||||||
|
|
||||||
|
Connect as usual to port 21 implicitly securing the FTP control
|
||||||
|
connection before authenticating.
|
||||||
|
|
||||||
|
Securing the data connection requires user to explicitly ask
|
||||||
|
for it by calling prot_p() method.
|
||||||
|
|
||||||
|
Usage example:
|
||||||
|
>>> from ftplib import FTP_TLS
|
||||||
|
>>> ftps = FTP_TLS('ftp.python.org')
|
||||||
|
>>> ftps.login() # login anonimously previously securing control channel
|
||||||
|
'230 Guest login ok, access restrictions apply.'
|
||||||
|
>>> ftps.prot_p() # switch to secure data connection
|
||||||
|
'200 Protection level set to P'
|
||||||
|
>>> ftps.retrlines('LIST') # list directory content securely
|
||||||
|
total 9
|
||||||
|
drwxr-xr-x 8 root wheel 1024 Jan 3 1994 .
|
||||||
|
drwxr-xr-x 8 root wheel 1024 Jan 3 1994 ..
|
||||||
|
drwxr-xr-x 2 root wheel 1024 Jan 3 1994 bin
|
||||||
|
drwxr-xr-x 2 root wheel 1024 Jan 3 1994 etc
|
||||||
|
d-wxrwxr-x 2 ftp wheel 1024 Sep 5 13:43 incoming
|
||||||
|
drwxr-xr-x 2 root wheel 1024 Nov 17 1993 lib
|
||||||
|
drwxr-xr-x 6 1094 wheel 1024 Sep 13 19:07 pub
|
||||||
|
drwxr-xr-x 3 root wheel 1024 Jan 3 1994 usr
|
||||||
|
-rw-r--r-- 1 root root 312 Aug 1 1994 welcome.msg
|
||||||
|
'226 Transfer complete.'
|
||||||
|
>>> ftps.quit()
|
||||||
|
'221 Goodbye.'
|
||||||
|
>>>
|
||||||
|
'''
|
||||||
|
ssl_version = ssl.PROTOCOL_TLSv1
|
||||||
|
|
||||||
|
def __init__(self, host='', user='', passwd='', acct='', keyfile=None,
|
||||||
|
certfile=None, timeout=_GLOBAL_DEFAULT_TIMEOUT):
|
||||||
|
self.keyfile = keyfile
|
||||||
|
self.certfile = certfile
|
||||||
|
self._prot_p = False
|
||||||
|
FTP.__init__(self, host, user, passwd, acct, timeout)
|
||||||
|
|
||||||
|
def login(self, user='', passwd='', acct='', secure=True):
|
||||||
|
if secure and not isinstance(self.sock, ssl.SSLSocket):
|
||||||
|
self.auth()
|
||||||
|
return FTP.login(self, user, passwd, acct)
|
||||||
|
|
||||||
|
def auth(self):
|
||||||
|
'''Set up secure control connection by using TLS/SSL.'''
|
||||||
|
if isinstance(self.sock, ssl.SSLSocket):
|
||||||
|
raise ValueError("Already using TLS")
|
||||||
|
if self.ssl_version == ssl.PROTOCOL_TLSv1:
|
||||||
|
resp = self.voidcmd('AUTH TLS')
|
||||||
|
else:
|
||||||
|
resp = self.voidcmd('AUTH SSL')
|
||||||
|
self.sock = ssl.wrap_socket(self.sock, self.keyfile, self.certfile,
|
||||||
|
ssl_version=self.ssl_version)
|
||||||
|
self.file = self.sock.makefile(mode='r', encoding=self.encoding)
|
||||||
|
return resp
|
||||||
|
|
||||||
|
def prot_p(self):
|
||||||
|
'''Set up secure data connection.'''
|
||||||
|
# PROT defines whether or not the data channel is to be protected.
|
||||||
|
# Though RFC-2228 defines four possible protection levels,
|
||||||
|
# RFC-4217 only recommends two, Clear and Private.
|
||||||
|
# Clear (PROT C) means that no security is to be used on the
|
||||||
|
# data-channel, Private (PROT P) means that the data-channel
|
||||||
|
# should be protected by TLS.
|
||||||
|
# PBSZ command MUST still be issued, but must have a parameter of
|
||||||
|
# '0' to indicate that no buffering is taking place and the data
|
||||||
|
# connection should not be encapsulated.
|
||||||
|
self.voidcmd('PBSZ 0')
|
||||||
|
resp = self.voidcmd('PROT P')
|
||||||
|
self._prot_p = True
|
||||||
|
return resp
|
||||||
|
|
||||||
|
def prot_c(self):
|
||||||
|
'''Set up clear text data connection.'''
|
||||||
|
resp = self.voidcmd('PROT C')
|
||||||
|
self._prot_p = False
|
||||||
|
return resp
|
||||||
|
|
||||||
|
# --- Overridden FTP methods
|
||||||
|
|
||||||
|
def ntransfercmd(self, cmd, rest=None):
|
||||||
|
conn, size = FTP.ntransfercmd(self, cmd, rest)
|
||||||
|
if self._prot_p:
|
||||||
|
conn = ssl.wrap_socket(conn, self.keyfile, self.certfile,
|
||||||
|
ssl_version=self.ssl_version)
|
||||||
|
return conn, size
|
||||||
|
|
||||||
|
def retrbinary(self, cmd, callback, blocksize=8192, rest=None):
|
||||||
|
self.voidcmd('TYPE I')
|
||||||
|
conn = self.transfercmd(cmd, rest)
|
||||||
|
try:
|
||||||
|
while 1:
|
||||||
|
data = conn.recv(blocksize)
|
||||||
|
if not data:
|
||||||
|
break
|
||||||
|
callback(data)
|
||||||
|
# shutdown ssl layer
|
||||||
|
if isinstance(conn, ssl.SSLSocket):
|
||||||
|
conn.unwrap()
|
||||||
|
finally:
|
||||||
|
conn.close()
|
||||||
|
return self.voidresp()
|
||||||
|
|
||||||
|
def retrlines(self, cmd, callback = None):
|
||||||
|
if callback is None: callback = print_line
|
||||||
|
resp = self.sendcmd('TYPE A')
|
||||||
|
conn = self.transfercmd(cmd)
|
||||||
|
fp = conn.makefile('r', encoding=self.encoding)
|
||||||
|
try:
|
||||||
|
while 1:
|
||||||
|
line = fp.readline()
|
||||||
|
if self.debugging > 2: print('*retr*', repr(line))
|
||||||
|
if not line:
|
||||||
|
break
|
||||||
|
if line[-2:] == CRLF:
|
||||||
|
line = line[:-2]
|
||||||
|
elif line[-1:] == '\n':
|
||||||
|
line = line[:-1]
|
||||||
|
callback(line)
|
||||||
|
# shutdown ssl layer
|
||||||
|
if isinstance(conn, ssl.SSLSocket):
|
||||||
|
conn.unwrap()
|
||||||
|
finally:
|
||||||
|
fp.close()
|
||||||
|
conn.close()
|
||||||
|
return self.voidresp()
|
||||||
|
|
||||||
|
def storbinary(self, cmd, fp, blocksize=8192, callback=None):
|
||||||
|
self.voidcmd('TYPE I')
|
||||||
|
conn = self.transfercmd(cmd)
|
||||||
|
try:
|
||||||
|
while 1:
|
||||||
|
buf = fp.read(blocksize)
|
||||||
|
if not buf: break
|
||||||
|
conn.sendall(buf)
|
||||||
|
if callback: callback(buf)
|
||||||
|
# shutdown ssl layer
|
||||||
|
if isinstance(conn, ssl.SSLSocket):
|
||||||
|
conn.unwrap()
|
||||||
|
finally:
|
||||||
|
conn.close()
|
||||||
|
return self.voidresp()
|
||||||
|
|
||||||
|
def storlines(self, cmd, fp, callback=None):
|
||||||
|
self.voidcmd('TYPE A')
|
||||||
|
conn = self.transfercmd(cmd)
|
||||||
|
try:
|
||||||
|
while 1:
|
||||||
|
buf = fp.readline()
|
||||||
|
if not buf: break
|
||||||
|
if buf[-2:] != B_CRLF:
|
||||||
|
if buf[-1] in B_CRLF: buf = buf[:-1]
|
||||||
|
buf = buf + B_CRLF
|
||||||
|
conn.sendall(buf)
|
||||||
|
if callback: callback(buf)
|
||||||
|
# shutdown ssl layer
|
||||||
|
if isinstance(conn, ssl.SSLSocket):
|
||||||
|
conn.unwrap()
|
||||||
|
finally:
|
||||||
|
conn.close()
|
||||||
|
return self.voidresp()
|
||||||
|
|
||||||
|
__all__.append('FTP_TLS')
|
||||||
|
all_errors = (Error, IOError, EOFError, ssl.SSLError)
|
||||||
|
|
||||||
|
|
||||||
_150_re = None
|
_150_re = None
|
||||||
|
|
||||||
def parse150(resp):
|
def parse150(resp):
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
"""Test script for ftplib module."""
|
"""Test script for ftplib module."""
|
||||||
|
|
||||||
# Modified by Giampaolo Rodola' to test FTP class and IPv6 environment
|
# Modified by Giampaolo Rodola' to test FTP class, IPv6 and TLS
|
||||||
|
# environment
|
||||||
|
|
||||||
import ftplib
|
import ftplib
|
||||||
import threading
|
import threading
|
||||||
|
@ -8,6 +9,12 @@ import asyncore
|
||||||
import asynchat
|
import asynchat
|
||||||
import socket
|
import socket
|
||||||
import io
|
import io
|
||||||
|
import errno
|
||||||
|
import os
|
||||||
|
try:
|
||||||
|
import ssl
|
||||||
|
except ImportError:
|
||||||
|
ssl = None
|
||||||
|
|
||||||
from unittest import TestCase
|
from unittest import TestCase
|
||||||
from test import support
|
from test import support
|
||||||
|
@ -40,6 +47,8 @@ class DummyDTPHandler(asynchat.async_chat):
|
||||||
|
|
||||||
class DummyFTPHandler(asynchat.async_chat):
|
class DummyFTPHandler(asynchat.async_chat):
|
||||||
|
|
||||||
|
dtp_handler = DummyDTPHandler
|
||||||
|
|
||||||
def __init__(self, conn):
|
def __init__(self, conn):
|
||||||
asynchat.async_chat.__init__(self, conn)
|
asynchat.async_chat.__init__(self, conn)
|
||||||
self.set_terminator(b"\r\n")
|
self.set_terminator(b"\r\n")
|
||||||
|
@ -83,7 +92,7 @@ class DummyFTPHandler(asynchat.async_chat):
|
||||||
ip = '%d.%d.%d.%d' %tuple(addr[:4])
|
ip = '%d.%d.%d.%d' %tuple(addr[:4])
|
||||||
port = (addr[4] * 256) + addr[5]
|
port = (addr[4] * 256) + addr[5]
|
||||||
s = socket.create_connection((ip, port), timeout=2)
|
s = socket.create_connection((ip, port), timeout=2)
|
||||||
self.dtp = DummyDTPHandler(s, baseclass=self)
|
self.dtp = self.dtp_handler(s, baseclass=self)
|
||||||
self.push('200 active data connection established')
|
self.push('200 active data connection established')
|
||||||
|
|
||||||
def cmd_pasv(self, arg):
|
def cmd_pasv(self, arg):
|
||||||
|
@ -95,13 +104,13 @@ class DummyFTPHandler(asynchat.async_chat):
|
||||||
ip = ip.replace('.', ','); p1 = port / 256; p2 = port % 256
|
ip = ip.replace('.', ','); p1 = port / 256; p2 = port % 256
|
||||||
self.push('227 entering passive mode (%s,%d,%d)' %(ip, p1, p2))
|
self.push('227 entering passive mode (%s,%d,%d)' %(ip, p1, p2))
|
||||||
conn, addr = sock.accept()
|
conn, addr = sock.accept()
|
||||||
self.dtp = DummyDTPHandler(conn, baseclass=self)
|
self.dtp = self.dtp_handler(conn, baseclass=self)
|
||||||
|
|
||||||
def cmd_eprt(self, arg):
|
def cmd_eprt(self, arg):
|
||||||
af, ip, port = arg.split(arg[0])[1:-1]
|
af, ip, port = arg.split(arg[0])[1:-1]
|
||||||
port = int(port)
|
port = int(port)
|
||||||
s = socket.create_connection((ip, port), timeout=2)
|
s = socket.create_connection((ip, port), timeout=2)
|
||||||
self.dtp = DummyDTPHandler(s, baseclass=self)
|
self.dtp = self.dtp_handler(s, baseclass=self)
|
||||||
self.push('200 active data connection established')
|
self.push('200 active data connection established')
|
||||||
|
|
||||||
def cmd_epsv(self, arg):
|
def cmd_epsv(self, arg):
|
||||||
|
@ -112,7 +121,7 @@ class DummyFTPHandler(asynchat.async_chat):
|
||||||
port = sock.getsockname()[1]
|
port = sock.getsockname()[1]
|
||||||
self.push('229 entering extended passive mode (|||%d|)' %port)
|
self.push('229 entering extended passive mode (|||%d|)' %port)
|
||||||
conn, addr = sock.accept()
|
conn, addr = sock.accept()
|
||||||
self.dtp = DummyDTPHandler(conn, baseclass=self)
|
self.dtp = self.dtp_handler(conn, baseclass=self)
|
||||||
|
|
||||||
def cmd_echo(self, arg):
|
def cmd_echo(self, arg):
|
||||||
# sends back the received string (used by the test suite)
|
# sends back the received string (used by the test suite)
|
||||||
|
@ -227,6 +236,128 @@ class DummyFTPServer(asyncore.dispatcher, threading.Thread):
|
||||||
raise
|
raise
|
||||||
|
|
||||||
|
|
||||||
|
if ssl is not None:
|
||||||
|
|
||||||
|
CERTFILE = os.path.join(os.path.dirname(__file__), "keycert.pem")
|
||||||
|
|
||||||
|
class SSLConnection(asyncore.dispatcher):
|
||||||
|
"""An asyncore.dispatcher subclass supporting TLS/SSL."""
|
||||||
|
|
||||||
|
_ssl_accepting = False
|
||||||
|
|
||||||
|
def secure_connection(self):
|
||||||
|
self.del_channel()
|
||||||
|
socket = ssl.wrap_socket(self.socket, suppress_ragged_eofs=False,
|
||||||
|
certfile=CERTFILE, server_side=True,
|
||||||
|
do_handshake_on_connect=False,
|
||||||
|
ssl_version=ssl.PROTOCOL_SSLv23)
|
||||||
|
self.set_socket(socket)
|
||||||
|
self._ssl_accepting = True
|
||||||
|
|
||||||
|
def _do_ssl_handshake(self):
|
||||||
|
try:
|
||||||
|
self.socket.do_handshake()
|
||||||
|
except ssl.SSLError as err:
|
||||||
|
if err.args[0] in (ssl.SSL_ERROR_WANT_READ,
|
||||||
|
ssl.SSL_ERROR_WANT_WRITE):
|
||||||
|
return
|
||||||
|
elif err.args[0] == ssl.SSL_ERROR_EOF:
|
||||||
|
return self.handle_close()
|
||||||
|
raise
|
||||||
|
except socket.error as err:
|
||||||
|
if err.args[0] == errno.ECONNABORTED:
|
||||||
|
return self.handle_close()
|
||||||
|
else:
|
||||||
|
self._ssl_accepting = False
|
||||||
|
|
||||||
|
def handle_read_event(self):
|
||||||
|
if self._ssl_accepting:
|
||||||
|
self._do_ssl_handshake()
|
||||||
|
else:
|
||||||
|
super(SSLConnection, self).handle_read_event()
|
||||||
|
|
||||||
|
def handle_write_event(self):
|
||||||
|
if self._ssl_accepting:
|
||||||
|
self._do_ssl_handshake()
|
||||||
|
else:
|
||||||
|
super(SSLConnection, self).handle_write_event()
|
||||||
|
|
||||||
|
def send(self, data):
|
||||||
|
try:
|
||||||
|
return super(SSLConnection, self).send(data)
|
||||||
|
except ssl.SSLError as err:
|
||||||
|
if err.args[0] in (ssl.SSL_ERROR_EOF, ssl.SSL_ERROR_ZERO_RETURN):
|
||||||
|
return 0
|
||||||
|
raise
|
||||||
|
|
||||||
|
def recv(self, buffer_size):
|
||||||
|
try:
|
||||||
|
return super(SSLConnection, self).recv(buffer_size)
|
||||||
|
except ssl.SSLError as err:
|
||||||
|
if err.args[0] in (ssl.SSL_ERROR_EOF, ssl.SSL_ERROR_ZERO_RETURN):
|
||||||
|
self.handle_close()
|
||||||
|
return b''
|
||||||
|
raise
|
||||||
|
|
||||||
|
def handle_error(self):
|
||||||
|
raise
|
||||||
|
|
||||||
|
def close(self):
|
||||||
|
try:
|
||||||
|
if isinstance(self.socket, ssl.SSLSocket):
|
||||||
|
if self.socket._sslobj is not None:
|
||||||
|
self.socket.unwrap()
|
||||||
|
finally:
|
||||||
|
super(SSLConnection, self).close()
|
||||||
|
|
||||||
|
|
||||||
|
class DummyTLS_DTPHandler(SSLConnection, DummyDTPHandler):
|
||||||
|
"""A DummyDTPHandler subclass supporting TLS/SSL."""
|
||||||
|
|
||||||
|
def __init__(self, conn, baseclass):
|
||||||
|
DummyDTPHandler.__init__(self, conn, baseclass)
|
||||||
|
if self.baseclass.secure_data_channel:
|
||||||
|
self.secure_connection()
|
||||||
|
|
||||||
|
|
||||||
|
class DummyTLS_FTPHandler(SSLConnection, DummyFTPHandler):
|
||||||
|
"""A DummyFTPHandler subclass supporting TLS/SSL."""
|
||||||
|
|
||||||
|
dtp_handler = DummyTLS_DTPHandler
|
||||||
|
|
||||||
|
def __init__(self, conn):
|
||||||
|
DummyFTPHandler.__init__(self, conn)
|
||||||
|
self.secure_data_channel = False
|
||||||
|
|
||||||
|
def cmd_auth(self, line):
|
||||||
|
"""Set up secure control channel."""
|
||||||
|
self.push('234 AUTH TLS successful')
|
||||||
|
self.secure_connection()
|
||||||
|
|
||||||
|
def cmd_pbsz(self, line):
|
||||||
|
"""Negotiate size of buffer for secure data transfer.
|
||||||
|
For TLS/SSL the only valid value for the parameter is '0'.
|
||||||
|
Any other value is accepted but ignored.
|
||||||
|
"""
|
||||||
|
self.push('200 PBSZ=0 successful.')
|
||||||
|
|
||||||
|
def cmd_prot(self, line):
|
||||||
|
"""Setup un/secure data channel."""
|
||||||
|
arg = line.upper()
|
||||||
|
if arg == 'C':
|
||||||
|
self.push('200 Protection set to Clear')
|
||||||
|
self.secure_data_channel = False
|
||||||
|
elif arg == 'P':
|
||||||
|
self.push('200 Protection set to Private')
|
||||||
|
self.secure_data_channel = True
|
||||||
|
else:
|
||||||
|
self.push("502 Unrecognized PROT type (use C or P).")
|
||||||
|
|
||||||
|
|
||||||
|
class DummyTLS_FTPServer(DummyFTPServer):
|
||||||
|
handler = DummyTLS_FTPHandler
|
||||||
|
|
||||||
|
|
||||||
class TestFTPClass(TestCase):
|
class TestFTPClass(TestCase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
|
@ -404,6 +535,81 @@ class TestIPv6Environment(TestCase):
|
||||||
retr()
|
retr()
|
||||||
|
|
||||||
|
|
||||||
|
class TestTLS_FTPClassMixin(TestFTPClass):
|
||||||
|
"""Repeat TestFTPClass tests starting the TLS layer for both control
|
||||||
|
and data connections first.
|
||||||
|
"""
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
self.server = DummyTLS_FTPServer((HOST, 0))
|
||||||
|
self.server.start()
|
||||||
|
self.client = ftplib.FTP_TLS(timeout=2)
|
||||||
|
self.client.connect(self.server.host, self.server.port)
|
||||||
|
# enable TLS
|
||||||
|
self.client.auth()
|
||||||
|
self.client.prot_p()
|
||||||
|
|
||||||
|
|
||||||
|
class TestTLS_FTPClass(TestCase):
|
||||||
|
"""Specific TLS_FTP class tests."""
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
self.server = DummyTLS_FTPServer((HOST, 0))
|
||||||
|
self.server.start()
|
||||||
|
self.client = ftplib.FTP_TLS(timeout=2)
|
||||||
|
self.client.connect(self.server.host, self.server.port)
|
||||||
|
|
||||||
|
def tearDown(self):
|
||||||
|
self.client.close()
|
||||||
|
self.server.stop()
|
||||||
|
|
||||||
|
def test_control_connection(self):
|
||||||
|
self.assertFalse(isinstance(self.client.sock, ssl.SSLSocket))
|
||||||
|
self.client.auth()
|
||||||
|
self.assertTrue(isinstance(self.client.sock, ssl.SSLSocket))
|
||||||
|
|
||||||
|
def test_data_connection(self):
|
||||||
|
# clear text
|
||||||
|
sock = self.client.transfercmd('list')
|
||||||
|
self.assertFalse(isinstance(sock, ssl.SSLSocket))
|
||||||
|
sock.close()
|
||||||
|
self.client.voidresp()
|
||||||
|
|
||||||
|
# secured, after PROT P
|
||||||
|
self.client.prot_p()
|
||||||
|
sock = self.client.transfercmd('list')
|
||||||
|
self.assertTrue(isinstance(sock, ssl.SSLSocket))
|
||||||
|
sock.close()
|
||||||
|
self.client.voidresp()
|
||||||
|
|
||||||
|
# PROT C is issued, the connection must be in cleartext again
|
||||||
|
self.client.prot_c()
|
||||||
|
sock = self.client.transfercmd('list')
|
||||||
|
self.assertFalse(isinstance(sock, ssl.SSLSocket))
|
||||||
|
sock.close()
|
||||||
|
self.client.voidresp()
|
||||||
|
|
||||||
|
def test_login(self):
|
||||||
|
# login() is supposed to implicitly secure the control connection
|
||||||
|
self.assertFalse(isinstance(self.client.sock, ssl.SSLSocket))
|
||||||
|
self.client.login()
|
||||||
|
self.assertTrue(isinstance(self.client.sock, ssl.SSLSocket))
|
||||||
|
# make sure that AUTH TLS doesn't get issued again
|
||||||
|
self.client.login()
|
||||||
|
|
||||||
|
def test_auth_issued_twice(self):
|
||||||
|
self.client.auth()
|
||||||
|
self.assertRaises(ValueError, self.client.auth)
|
||||||
|
|
||||||
|
def test_auth_ssl(self):
|
||||||
|
try:
|
||||||
|
self.client.ssl_version = ssl.PROTOCOL_SSLv3
|
||||||
|
self.client.auth()
|
||||||
|
self.assertRaises(ValueError, self.client.auth)
|
||||||
|
finally:
|
||||||
|
self.client.ssl_version = ssl.PROTOCOL_TLSv1
|
||||||
|
|
||||||
|
|
||||||
class TestTimeouts(TestCase):
|
class TestTimeouts(TestCase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
|
@ -505,6 +711,10 @@ def test_main():
|
||||||
pass
|
pass
|
||||||
else:
|
else:
|
||||||
tests.append(TestIPv6Environment)
|
tests.append(TestIPv6Environment)
|
||||||
|
|
||||||
|
if ssl is not None:
|
||||||
|
tests.extend([TestTLS_FTPClassMixin, TestTLS_FTPClass])
|
||||||
|
|
||||||
thread_info = support.threading_setup()
|
thread_info = support.threading_setup()
|
||||||
try:
|
try:
|
||||||
support.run_unittest(*tests)
|
support.run_unittest(*tests)
|
||||||
|
|
|
@ -137,6 +137,9 @@ C-API
|
||||||
Library
|
Library
|
||||||
-------
|
-------
|
||||||
|
|
||||||
|
- Issue #2054: ftplib now provides an FTP_TLS class to do secure FTP using
|
||||||
|
TLS or SSL. Patch by Giampaolo Rodola'.
|
||||||
|
|
||||||
- Issue #7328: pydoc no longer corrupts sys.path when run with the '-m' switch
|
- Issue #7328: pydoc no longer corrupts sys.path when run with the '-m' switch
|
||||||
|
|
||||||
- Issue #4969: The mimetypes module now reads the MIME database from
|
- Issue #4969: The mimetypes module now reads the MIME database from
|
||||||
|
|
Loading…
Reference in New Issue