Skip to content

Instantly share code, notes, and snippets.

@adiroiban
Created May 25, 2024 09:40
Show Gist options
  • Save adiroiban/1f35bf0844e02fb2bccae167ff26becb to your computer and use it in GitHub Desktop.
Save adiroiban/1f35bf0844e02fb2bccae167ff26becb to your computer and use it in GitHub Desktop.
Fork of Python stdlib ftp client that uses pyOpenSSL
"""
Standard library code adapted to support testing.
Fork of standard library code, started as a backport of Python ftplib from 2.7
to 2.5, and updated with some inspiration from Python 3.8.
https://github.com/python/cpython/blob/3.8/Lib/ftplib.py
This is a quick and dirty port.
pyOpenSSL is used instead of the standard ssl module.
On top of the port, a few extra functionalities were added;
* Add support for FTPS CCC
* Add support for Implicit FTPS
* Allow explicit usage of extended commands.
* Raise an explicit error if command channel was not properly closed.
* Allow using an explicit cipher list.
* Allow using an explicit SSL/TLS method.
* Allow checking server identity.
------------------
An FTP client class and some helper functions.
Based on RFC 959: File Transfer Protocol (FTP), by J. Postel and J. Reynolds
Example:
>>> from ftplib import FTP
>>> ftp = FTP('ftp.python.org') # connect to host, default port
>>> ftp.login() # default, i.e.: user anonymous, passwd anonymous@
'230 Guest login ok, access restrictions apply.'
>>> ftp.retrlines('LIST') # list directory contents
total 9
drwxr-xr-x 8 root wheel 1024 Jan 3 1994 .
drwxr-xr-x 8 root wheel 1024 Jan 3 1994 ..
drwxr-xr-x 2 root wheel 1024 Jan 3 1994 bin
drwxr-xr-x 2 root wheel 1024 Jan 3 1994 etc
d-wxrwxr-x 2 ftp wheel 1024 Sep 5 13:43 incoming
drwxr-xr-x 2 root wheel 1024 Nov 17 1993 lib
drwxr-xr-x 6 1094 wheel 1024 Sep 13 19:07 pub
drwxr-xr-x 3 root wheel 1024 Jan 3 1994 usr
-rw-r--r-- 1 root root 312 Aug 1 1994 welcome.msg
'226 Transfer complete.'
>>> ftp.quit()
'221 Goodbye.'
>>>
A nice test that reveals some of the network dialogue would be:
python ftplib.py -d localhost -l -p -l
"""
#
# Changes and improvements suggested by Steve Majewski.
# Modified by Jack to work on the mac.
# Modified by Siebren to support docstrings and PASV.
# Modified by Phil Schwartz to add storbinary and storlines callbacks.
# Modified by Giampaolo Rodola' to add TLS support.
#
from __future__ import print_function
from __future__ import absolute_import
import errno
import os
import sys
import time
import six
# Import SOCKS module if it exists, else standard socket module socket
try:
import SOCKS
socket = SOCKS
del SOCKS # import SOCKS as socket
from socket import getfqdn
socket.getfqdn = getfqdn
del getfqdn
except ImportError:
import socket
import OpenSSL.SSL as ssl
if six.PY3 or ssl.OPENSSL_VERSION_NUMBER > 0x10101000:
OPENSSL_SECLEVEL = '@SECLEVEL=0'
else:
# Seclevel not supported.
OPENSSL_SECLEVEL = ''
_GLOBAL_DEFAULT_TIMEOUT = 5
__all__ = ["FTP", "Netrc", 'FTP_TLS', 'FTP_TLSI']
# Magic number from <socket.h>
MSG_OOB = 0x1 # Process data out of band
# The standard FTP server control port
FTP_PORT = 21
# Exception raised when an error or invalid response is received
class Error(Exception): pass
class error_closed(Error): pass # Connection is already closed.
class error_reply(Error): pass # unexpected [123]xx reply
class error_temp(Error): pass # 4xx errors
class error_perm(Error): pass # 5xx errors
class error_proto(Error): pass # response does not begin with [1-5]
# All exceptions (hopefully) that may be raised here and that aren't
# (always) programming errors on our side
all_errors = (Error, EnvironmentError, EOFError)
def _read_line(fp):
"""
Read a line in text mode.
"""
result = _read_binary_line(fp)
if six.PY2:
return result.decode('utf-8')
return result
def _read_binary_line(fp):
"""
Helper to read a line and handle various socket errors.
"""
try:
return fp.readline()
except Exception as error:
if error.args[0] == 10054:
# On Windows the socket was already closed.
return b''
raise
# Line terminators (we always output CRLF, but accept any of CRLF, CR, LF)
CRLF = '\r\n'
B_CRLF = b'\r\n'
# The class itself
class FTP:
"""
An FTP client class.
To create a connection, call the class using these arguments:
host, user, passwd, acct, timeout, encoding
The first four arguments are all strings, and have default value ''.
timeout must be numeric and defaults to None if not passed,
meaning that no timeout will be set on any ftp socket(s)
If a timeout is passed, then this is now the default timeout for all ftp
socket operations for this instance.
The last parameter is the encoding of filenames and storlines output.
Then use self.connect() with optional host and port argument.
To download a file, use ftp.retrlines('RETR ' + filename),
or ftp.retrbinary() with slightly different arguments.
To upload a file, use ftp.storlines() or ftp.storbinary(),
which have an open file as argument (see their definitions
below for details).
The download/upload functions first issue appropriate TYPE
and PORT or PASV commands.
"""
debugging = 0
host = ''
port = FTP_PORT
sock = None
file = None
welcome = None
passiveserver = True
extended_address = True
last_passive_host = None
last_passive_port = None
# Data to send soon after the connection.
# Can be used to inject PROXY protocol data.
# It should be a tuple for the command channel data and the passive
# port data.
connect_data = ()
def __init__(self, host='', user='', passwd='', acct='',
timeout=_GLOBAL_DEFAULT_TIMEOUT, encoding='utf-8'):
"""
Initialization method (called by class instantiation).
Initialize host to localhost, port to standard ftp port.
Optional arguments are host (for connect()),
and user, passwd, acct (for login()).
"""
self.encoding = encoding
self.timeout = timeout
if host:
self.connect(host)
if user:
self.login(user, passwd, acct)
def connect(self, host='', port=0, timeout=-999):
"""
Connect to host. Arguments are:
- host: hostname to connect to (string, default previous host)
- port: port to connect to (integer, default previous port)
- timeout: the timeout to set against the ftp socket(s)
"""
if host != '':
self.host = host
if port > 0:
self.port = port
if timeout != -999:
self.timeout = timeout
msg = "getaddrinfo returns an empty list"
for res in socket.getaddrinfo(
self.host, self.port, 0, socket.SOCK_STREAM):
af, socktype, proto, canonname, sa = res
try:
self.sock = socket.socket(af, socktype, proto)
self.sock.connect(sa)
except socket.error as msg:
if self.sock:
self.sock.close()
self.sock = None
continue
break
if not self.sock:
raise socket.error(msg)
if self.connect_data:
self.sock.sendall(self.connect_data[0])
self.af = self.sock.family
self.file = self.sock.makefile('rb')
self.welcome = self.getresp()
return self.welcome
def getwelcome(self):
'''Get the welcome message from the server.
(this is read and squirreled away by connect())'''
if self.debugging:
print('*welcome*', self.sanitize(self.welcome))
return self.welcome
def set_debuglevel(self, level):
'''Set the debugging level.
The required argument level means:
0: no debugging output (default)
1: print commands and responses but not body text etc.
2: also print raw lines read and sent before stripping CR/LF'''
self.debugging = level
debug = set_debuglevel
def set_pasv(self, val):
'''Use passive or active mode for data transfers.
With a false argument, use the normal PORT mode,
With a true argument, use the PASV command.'''
self.passiveserver = val
def set_extended_address(self, val):
'''Use extended passive or active mode for data transfers.
With a false argument, use the normal EPRT mode,
With a true argument, use the PASV command.'''
self.extended_address = val
# Internal: "sanitize" a string for printing
def sanitize(self, s):
if s[:5] == 'pass ' or s[:5] == 'PASS ':
i = len(s)
while i > 5 and s[i-1] in '\r\n':
i = i-1
s = s[:5] + '*'*(i-5) + s[i:]
return repr(s)
# Internal: send one line to the server, appending CRLF
def putline(self, line):
if '\r' in line or '\n' in line:
raise ValueError('an illegal newline character should not be contained')
if self.sock is None:
raise error_closed()
line = line + CRLF
if self.debugging > 1:
print('*put*', self.sanitize(line))
self.sock.sendall(line.encode(self.encoding))
# Internal: send one command to the server (through putline())
def putcmd(self, line):
if self.debugging: print('*cmd*', self.sanitize(line))
self.putline(line)
# Internal: return one line from the server, stripping CRLF.
# Raise EOFError if the connection is closed
def getline(self):
line = _read_binary_line(self.file).decode(self.encoding)
if self.debugging > 1:
print('*get*', self.sanitize(line))
if not line: raise EOFError
if line[-2:] == CRLF: line = line[:-2]
elif line[-1:] in CRLF: line = line[:-1]
return line
# Internal: get a response from the server, which may possibly
# consist of multiple lines. Return a single string with no
# trailing CRLF. If the response consists of multiple lines,
# these are separated by '\n' characters in the string
def getmultiline(self):
line = self.getline()
if line[3:4] == '-':
code = line[:3]
while 1:
nextline = self.getline()
line = line + ('\n' + nextline)
if nextline[:3] == code and \
nextline[3:4] != '-':
break
return line
# Internal: get a response from the server.
# Raise various errors if the response indicates an error
def getresp(self):
resp = self.getmultiline()
if self.debugging:
print('*resp*', self.sanitize(resp))
self.lastresp = resp[:3]
c = resp[:1]
if c in {'1', '2', '3'}:
return resp
if c == '4':
raise error_temp(resp)
if c == '5':
raise error_perm(resp)
raise error_proto(resp)
def voidresp(self):
"""Expect a response beginning with '2'."""
resp = self.getresp()
if resp[:1] != '2':
raise error_reply(resp)
return resp
def abort(self):
'''Abort a file transfer. Uses out-of-band data.
This does not follow the procedure from the RFC to send Telnet
IP and Synch; that doesn't seem to work with the servers I've
tried. Instead, just send the ABOR command as OOB data.'''
line = b'ABOR' + B_CRLF
if self.debugging > 1:
print('*put urgent*', self.sanitize(line))
self.sock.sendall(line, MSG_OOB)
resp = self.getmultiline()
if resp[:3] not in {'426', '225', '226'}:
raise error_proto(resp)
return resp
def sendcmd(self, cmd):
'''Send a command and return the response.'''
self.putcmd(cmd)
return self.getresp()
def voidcmd(self, cmd):
"""Send a command and expect a response beginning with '2'."""
self.putcmd(cmd)
return self.voidresp()
def sendport(self, host, port):
'''Send a PORT command with the current host and the given
port number.
'''
hbytes = host.split('.')
pbytes = [repr(port//256), repr(port%256)]
bytes = hbytes + pbytes
cmd = 'PORT ' + ','.join(bytes)
return self.voidcmd(cmd)
def sendeprt(self, host, port):
'''Send an EPRT command with the current host and the given port number.'''
af = 0
if self.af == socket.AF_INET:
af = 1
if self.af == socket.AF_INET6:
af = 2
if af == 0:
raise error_proto('unsupported address family')
fields = ['', repr(af), host, repr(port), '']
cmd = 'EPRT ' + '|'.join(fields)
return self.voidcmd(cmd)
def makeport(self):
'''Create a new socket and send a PORT command for it.'''
msg = "getaddrinfo returns an empty list"
sock = None
for res in socket.getaddrinfo(None, 0, self.af, socket.SOCK_STREAM, 0, socket.AI_PASSIVE):
af, socktype, proto, canonname, sa = res
try:
sock = socket.socket(af, socktype, proto)
sock.bind(sa)
except socket.error as msg:
if sock:
sock.close()
sock = None
continue
break
if not sock:
raise socket.error(msg)
sock.listen(1)
port = sock.getsockname()[1] # Get proper port
host = self.sock.getsockname()[0] # Get proper host
if self.extended_address:
self.sendeprt(host, port)
else:
self.sendport(host, port)
if self.timeout is not _GLOBAL_DEFAULT_TIMEOUT:
sock.settimeout(self.timeout)
return sock
def makepasv(self):
if self.extended_address:
host, port = parse229(
self.sendcmd('EPSV'), self.sock.getpeername())
else:
host, port = parse227(self.sendcmd('PASV'))
return host, port
def ntransfercmd(self, cmd, rest=None):
"""Initiate a transfer over the data connection.
If the transfer is active, send a port command and the
transfer command, and accept the connection. If the server is
passive, send a pasv command, connect to it, and start the
transfer command. Either way, return the socket for the
connection and the expected size of the transfer. The
expected size may be None if it could not be determined.
Optional `rest' argument can be a string that is sent as the
argument to a REST command. This is essentially a server
marker used to tell the server to skip over any data up to the
given marker.
"""
size = None
if self.passiveserver:
host, port = self.makepasv()
self.last_passive_host = host
self.last_passive_port = port
af, socktype, proto, canon, sa = socket.getaddrinfo(
host, port, 0, socket.SOCK_STREAM)[0]
conn = socket.socket(af, socktype, proto)
conn.connect(sa)
if self.connect_data:
conn.sendall(self.connect_data[1])
if rest is not None:
self.sendcmd("REST %s" % rest)
time.sleep(0.01)
resp = self.sendcmd(cmd)
# Some servers apparently send a 200 reply to
# a LIST or STOR command, before the 150 reply
# (and way before the 226 reply). This seems to
# be in violation of the protocol (which only allows
# 1xx or error messages for LIST), so we just discard
# this response.
if resp[0] == '2':
resp = self.getresp()
if resp[0] != '1':
raise error_reply(resp)
else:
sock = self.makeport()
if rest is not None:
self.sendcmd("REST %s" % rest)
resp = self.sendcmd(cmd)
# See above.
if resp[0] == '2':
resp = self.getresp()
if resp[0] != '1':
raise error_reply(resp)
conn, sockaddr = sock.accept()
if self.timeout is not _GLOBAL_DEFAULT_TIMEOUT:
conn.settimeout(self.timeout)
if resp[:3] == '150':
# this is conditional in case we received a 125
size = parse150(resp)
return conn, size
def transfercmd(self, cmd, rest=None):
"""Like ntransfercmd() but returns only the socket."""
return self.ntransfercmd(cmd, rest)[0]
def login(self, user = '', passwd = '', acct = ''):
'''Login, default anonymous.'''
if not user: user = 'anonymous'
if not passwd: passwd = ''
if not acct: acct = ''
if user == 'anonymous' and passwd in ('', '-'):
# If there is no anonymous ftp password specified
# then we'll just use anonymous@
# We don't send any other thing because:
# - We want to remain anonymous
# - We want to stop SPAM
# - We don't want to let ftp sites to discriminate by the user,
# host or country.
passwd = passwd + 'anonymous@'
resp = self.sendcmd('USER ' + user)
if resp[0] == '3': resp = self.sendcmd('PASS ' + passwd)
if resp[0] == '3': resp = self.sendcmd('ACCT ' + acct)
if resp[0] != '2':
raise error_reply(resp)
return resp
def retrbinary(self, cmd, callback, blocksize=8192, rest=None):
"""Retrieve data in binary mode. A new port is created for you.
Args:
cmd: A RETR command.
callback: A single parameter callable to be called on each
block of data read.
blocksize: The maximum number of bytes to read from the
socket at one time. [default: 8192]
rest: Passed to transfercmd(). [default: None]
Returns:
The response code.
"""
self.voidcmd('TYPE I')
conn = self.transfercmd(cmd, rest)
while 1:
data = conn.recv(blocksize)
if not data:
break
callback(data)
conn.close()
return self.voidresp()
def retrlines(self, cmd, callback = None, strip_line=True):
"""Retrieve data in line mode. A new port is created for you.
Args:
cmd: A RETR, LIST, NLST, or MLSD command.
callback: An optional single parameter callable that is called
for each line with the trailing CRLF stripped.
[default: print_line()]
strip_line: A flat for allowing to return the actual line separator
received over the data channel.
Returns:
The response code.
"""
if callback is None: callback = print_line
self.sendcmd('TYPE A')
conn = self.transfercmd(cmd)
# To support testing, we always read the content in binary mode.
fp = conn.makefile('rb')
while 1:
line = _read_binary_line(fp).decode(self.encoding)
if self.debugging > 2: print('*retr*', repr(line))
if not line:
# Nothing read. We should be at EOF.
break
if strip_line:
if line[-2:] == CRLF:
line = line[:-2]
elif line[-1:] == '\n':
line = line[:-1]
callback(line)
fp.close()
conn.close()
return self.voidresp()
def storbinary(self, cmd, fp, blocksize=8192, callback=None, rest=None):
"""Store a file in binary mode. A new port is created for you.
Args:
cmd: A STOR command.
fp: A file-like object with a read(num_bytes) method.
blocksize: The maximum data size to read from fp and send over
the connection at once. [default: 8192]
callback: An optional single parameter callable that is called on
on each block of data after it is sent. [default: None]
rest: Passed to transfercmd(). [default: None]
Returns:
The response code.
"""
self.voidcmd('TYPE I')
conn = self.transfercmd(cmd, rest)
while 1:
buf = fp.read(blocksize)
if not buf: break
conn.sendall(buf)
if callback: callback(buf)
conn.close()
return self.voidresp()
def storlines(self, cmd, fp, callback=None):
"""Store a file in line mode. A new port is created for you.
Args:
cmd: A STOR command.
fp: A file-like object with a readline() method.
callback: An optional single parameter callable that is called on
on each line after it is sent. [default: None]
Returns:
The response code.
"""
self.voidcmd('TYPE A')
conn = self.transfercmd(cmd)
while 1:
# To support testing, the local file is always read the local
# source file binary mode.
buf = _read_binary_line(fp).decode(self.encoding)
if not buf:
break
if buf[-1] != '\n':
# No new line delimiter, so no need to convert it.
pass
elif buf[-2:] != CRLF:
# We need to convert the newline.
if buf[-1] in CRLF:
buf = buf[:-1]
buf = buf + CRLF
conn.sendall(buf.encode(self.encoding))
if callback: callback(buf)
conn.close()
return self.voidresp()
def acct(self, password):
'''Send new account name.'''
cmd = 'ACCT ' + password
return self.voidcmd(cmd)
def nlst(self, *args):
'''Return a list of files in a given directory (default the current).'''
cmd = 'NLST'
for arg in args:
cmd = cmd + (' ' + arg)
files = []
self.retrlines(cmd, files.append)
return files
def dir(self, *args):
'''List a directory in long form.
By default list current directory to stdout.
Optional last argument is callback function; all
non-empty arguments before it are concatenated to the
LIST command. (This *should* only be used for a pathname.)'''
cmd = 'LIST'
func = None
if args[-1:] and type(args[-1]) != type(''):
args, func = args[:-1], args[-1]
for arg in args:
if arg:
cmd = cmd + (' ' + arg)
self.retrlines(cmd, func)
def rename(self, fromname, toname):
'''Rename a file.'''
resp = self.sendcmd('RNFR ' + fromname)
if resp[0] != '3':
raise error_reply(resp)
return self.voidcmd('RNTO ' + toname)
def delete(self, filename):
'''Delete a file.'''
resp = self.sendcmd('DELE ' + filename)
if resp[:3] in ('250', '200'):
return resp
else:
raise error_reply(resp)
def cwd(self, dirname):
'''Change to a directory.'''
if dirname == '..':
try:
return self.voidcmd('CDUP')
except error_perm as msg:
if msg.args[0][:3] != '500':
raise
elif dirname == '':
dirname = '.' # does nothing, but could return error
cmd = 'CWD ' + dirname
return self.voidcmd(cmd)
def size(self, filename):
'''Retrieve the size of a file.'''
# The SIZE command is defined in RFC-3659
resp = self.sendcmd('SIZE ' + filename)
if resp[:3] == '213':
s = resp[3:].strip()
try:
return int(s)
except (OverflowError, ValueError):
return int(s)
def mkd(self, dirname):
'''Make a directory, return its full pathname.'''
resp = self.sendcmd('MKD ' + dirname)
return parse257(resp)
def rmd(self, dirname):
'''Remove a directory.'''
return self.voidcmd('RMD ' + dirname)
def pwd(self):
'''Return current working directory.'''
resp = self.sendcmd('PWD')
return parse257(resp)
def quit(self):
'''Quit, and close the connection.'''
resp = self.voidcmd('QUIT')
self.close()
return resp
def close(self):
"""
Close the connection without assuming anything about it.
"""
if self.sock is not None:
try:
self.sock.shutdown(socket.SHUT_RDWR)
except socket.error as error:
if error.errno == errno.ENOTCONN:
# Shutdown is already done as socket is closed.
pass
else:
raise
self.sock.close()
if self.file is not None:
self.file.close()
self.file = self.sock = None
class FTP_TLS(FTP):
'''A FTP subclass which adds TLS support to FTP as described
in RFC-4217.
Connect as usual to port 21 explicitly securing the FTP control
connection before authenticating.
Securing the data connection requires user to explicitly ask
for it by calling prot_p() method.
Usage example:
>>> from ftplib import FTP_TLS
>>> ftps = FTP_TLS('ftp.python.org')
>>> ftps.login() # login anonymously previously securing control channel
'230 Guest login ok, access restrictions apply.'
>>> ftps.prot_p() # switch to secure data connection
'200 Protection level set to P'
>>> ftps.retrlines('LIST') # list directory content securely
total 9
drwxr-xr-x 8 root wheel 1024 Jan 3 1994 .
drwxr-xr-x 8 root wheel 1024 Jan 3 1994 ..
drwxr-xr-x 2 root wheel 1024 Jan 3 1994 bin
drwxr-xr-x 2 root wheel 1024 Jan 3 1994 etc
d-wxrwxr-x 2 ftp wheel 1024 Sep 5 13:43 incoming
drwxr-xr-x 2 root wheel 1024 Nov 17 1993 lib
drwxr-xr-x 6 1094 wheel 1024 Sep 13 19:07 pub
drwxr-xr-x 3 root wheel 1024 Jan 3 1994 usr
-rw-r--r-- 1 root root 312 Aug 1 1994 welcome.msg
'226 Transfer complete.'
>>> ftps.quit()
'221 Goodbye.'
>>>
'''
ssl_version = ssl.SSLv23_METHOD
def __init__(self, host='', user='', passwd='', acct='', keyfile=None,
certfile=None, timeout=_GLOBAL_DEFAULT_TIMEOUT,
cipher_list=None, method=None, cafile=None):
self.keyfile = keyfile
self.certfile = certfile
self.cafile = cafile
self.cipher_list = cipher_list
if method is None:
method = self.ssl_version
self.method = method
self._prot_p = False
self.dtp_session_reuse = True
self.ssl_context = None
FTP.__init__(self, host, user, passwd, acct, timeout)
def init_ssl_context(self):
'''Retun a SSL context for this client.'''
if self.ssl_context is None:
self.ssl_context = ssl.Context(self.method)
if not self.cipher_list:
self.cipher_list = 'ALL' + OPENSSL_SECLEVEL
self.ssl_context.set_cipher_list(self.cipher_list)
if self.certfile:
self.ssl_context.use_certificate_file(self.certfile)
if not self.keyfile:
self.keyfile = self.certfile
if self.keyfile:
self.ssl_context.use_privatekey_file(self.keyfile)
if self.cafile:
def verify_server_certificate(
conn, cert, errno, depth, preverify_ok):
return preverify_ok
self.ssl_context.set_verify(
ssl.VERIFY_PEER | ssl.VERIFY_FAIL_IF_NO_PEER_CERT |
ssl.VERIFY_CLIENT_ONCE,
verify_server_certificate,
)
self.ssl_context.load_verify_locations(self.cafile, None)
self._OP_ALL = getattr(ssl, 'OP_ALL', 0x0000FFFF)
self.ssl_context.set_options(self._OP_ALL)
# OP_NO_TICKET is not (yet) exposed by PyOpenSSL
self._OP_NO_TICKET = 0x00004000
self.ssl_context.set_options(self._OP_NO_TICKET)
self.ssl_context.set_options(ssl.OP_SINGLE_DH_USE)
def getline(self):
"""
SSL wrapper for plan FTP.getline
"""
return self._callSSL(FTP.getline, self)
def putline(self, line):
"""
SSL wrapper for plan FTP.putline
"""
return self._callSSL(FTP.putline, self, line)
def _callSSL(self, callback, *args, **kwargs):
"""
Try to call a method which uses the SSL layer,
retrying on WantReadError.
"""
_tries = kwargs.pop('_tries', 0)
try:
return callback(*args, **kwargs)
except (ssl.WantReadError, ssl.WantWriteError): # noqa:cover
# This means that SSL layers still needs to read data in order
# to get our data.
# We wait for SSL thread to do its job and try again.
# Waiting for less results in reaching the
# recursion limit.
if _tries > 20:
# We already tried enough.
raise
time.sleep(0.1)
kwargs['_tries'] = _tries + 1
return self._callSSL(callback, *args, **kwargs)
except ssl.SysCallError as error:
# Connection was closed.
raise error_perm('SysCallError {}'.format(error))
def doSSLShutdown(self, socket, timeout=10):
"""
Clear the SSL part of a socket.
"""
if not isinstance(socket, ssl.Connection):
return
start_time = time.time()
socket.set_shutdown(ssl.SENT_SHUTDOWN | ssl.RECEIVED_SHUTDOWN)
while time.time() - start_time < timeout:
try:
# Try the handshake, just in the case in which it was
# accidentally not triggered yet.
socket.do_handshake()
except ssl.WantReadError:
pass
state = socket.get_state_string()
if state == b'SSL negotiation finished successfully':
break
if not socket.shutdown():
# TLS not yet finalized.
# Wait and retry.
time.sleep(0.1)
socket.shutdown()
def close(self):
"""
Close the connection without assuming anything about it.
"""
if self.sock is not None:
try:
# On FTPS self.sock is a SSL.Connection.
try:
self.sock.shutdown()
except TypeError:
# We might have downgraded the data channel using CCC.
self.sock.shutdown(socket.SHUT_RDWR)
self.sock.close()
except socket.error as error:
if error.errno == errno.ENOTCONN:
# Shutdown is already done as socket is closed.
pass
else:
raise
if self.file is not None:
self.file.close()
self.file = self.sock = None
def login(self, user='', passwd='', acct='', secure=True):
if secure and not isinstance(self.sock, ssl.Connection):
self.auth()
return FTP.login(self, user, passwd, acct)
def auth(self):
'''Set up secure control connection by using TLS/SSL.'''
if isinstance(self.sock, ssl.Connection):
raise ValueError("Already using TLS")
if self.method == ssl.TLSv1_METHOD:
resp = self.voidcmd('AUTH TLS')
else:
resp = self.voidcmd('AUTH SSL')
self.init_ssl_context()
# The non-SSL-wrapped socket.
self._clean_socket = self.sock
self._clean_file = self.file
self.sock = ssl.Connection(self.ssl_context, self.sock)
self.sock.setblocking(True)
self.sock.set_connect_state()
try:
self.sock.do_handshake()
except ssl.WantReadError:
pass
if six.PY2:
self.file = socket._fileobject(self.sock, 'rb')
else:
self.file = socket.SocketIO(self.sock, 'rb')
return resp
def prot_p(self):
'''Set up secure data connection.'''
# PROT defines whether or not the data channel is to be protected.
# Though RFC-2228 defines four possible protection levels,
# RFC-4217 only recommends two, Clear and Private.
# Clear (PROT C) means that no security is to be used on the
# data-channel, Private (PROT P) means that the data-channel
# should be protected by TLS.
# PBSZ command MUST still be issued, but must have a parameter of
# '0' to indicate that no buffering is taking place and the data
# connection should not be encapsulated.
self.voidcmd('PBSZ 0')
resp = self.voidcmd('PROT P')
self._prot_p = True
return resp
def prot_c(self):
'''Set up clear text data connection.'''
resp = self.voidcmd('PROT C')
self._prot_p = False
return resp
def ccc(self):
if not isinstance(self.sock, ssl.Connection):
raise ValueError("not using TLS")
resp = self.voidcmd('CCC')
self.sock.set_shutdown(ssl.SENT_SHUTDOWN | ssl.RECEIVED_SHUTDOWN)
done = self.sock.shutdown()
assert done is True
self.sock = self._clean_socket
self.file = self.sock.makefile('rb')
# Flush the data from the tls shutdown.
self.sock.recv(100)
return resp
# --- Overridden FTP methods
def ntransfercmd(self, cmd, rest=None):
'''See `FTP.ntransfercmd`.
Initiate a transfer over data channel.'''
conn, size = FTP.ntransfercmd(self, cmd, rest)
if self._prot_p:
conn = ssl.Connection(self.ssl_context, conn)
conn.set_connect_state()
if self.dtp_session_reuse:
conn.set_session(self.sock.get_session())
return conn, size
def retrbinary(self, cmd, callback, blocksize=8192, rest=None):
self.voidcmd('TYPE I')
conn = self.transfercmd(cmd, rest)
try:
while 1:
data = None
try:
data = self._callSSL(conn.recv, blocksize)
except ssl.ZeroReturnError:
# pyOpenSSL does not return 0, but rather
# SSL.ZeroReturnError
pass
if not data:
break
callback(data)
self.doSSLShutdown(conn)
except error_perm:
# There was an error processing the data connection.
# Read the command response and forward the error.
resp = self.getresp()
raise error_perm(resp)
finally:
conn.close()
return self.voidresp()
def retrlines(self, cmd, callback=None, strip_line=True):
"""
Read lines over SSL.
"""
if callback is None:
callback = print_line
self.sendcmd('TYPE A')
conn = self.transfercmd(cmd)
# Content of unfinished line.
buff = b''
try:
while 1:
try:
data = self._callSSL(conn.recv, 8192)
if not data:
break
except ssl.ZeroReturnError:
'''When the socket is using SSL it will raise
ZeroReturnError instead of returning 0.'''
break
data = buff + data
buff = b''
lines = data.splitlines(True)
last_line = lines[-1]
if not last_line.endswith(b'\n'):
# last line does not have a new line... so it might
# be a partial line.
buff = last_line
lines = lines[:-1]
for line in lines:
if strip_line:
if line[-2:] == B_CRLF:
line = line[:-2]
elif line[-1:] == '\n':
line = line[:-1]
callback(line.decode(self.encoding))
# Notify last line, if not sent already.
if buff:
callback(buff.decode(self.encoding))
self.doSSLShutdown(conn)
except error_perm:
# There was an error processing the data connection.
# Read the command response and forward the error.
resp = self.getresp()
raise error_perm(resp)
finally:
conn.close()
return self.voidresp()
def storbinary(self, cmd, fp, blocksize=8192, callback=None, rest=None):
self.voidcmd('TYPE I')
conn = self.transfercmd(cmd, rest)
try:
while 1:
buf = fp.read(blocksize)
if not buf:
break
self._callSSL(conn.sendall, buf)
if callback:
callback(buf)
self.doSSLShutdown(conn)
finally:
conn.close()
return self.voidresp()
def storlines(self, cmd, fp, callback=None):
self.voidcmd('TYPE A')
conn = self.transfercmd(cmd)
try:
while 1:
buf = _read_binary_line(fp).decode(self.encoding)
if not buf:
break
if buf[-1] != '\n':
# No new line delimiter, so no need to convert it.
pass
elif buf[-2:] != CRLF:
if buf[-1] in CRLF:
buf = buf[:-1]
buf = buf + CRLF
self._callSSL(conn.sendall, buf.encode(self.encoding))
if callback:
callback(buf)
# Wait a bit for the last chunk to be sent.
# I have no idea why this is needed for the ASCII tests.
# as for SSL it all should be bytes.
# This failure was not observed for binary tests executed via
# storbinary, but it might be because for binary all data is
# written in one go.
time.sleep(0.1)
self.doSSLShutdown(conn)
finally:
conn.close()
return self.voidresp()
all_errors = (Error, IOError, EOFError, ssl.Error)
class FTP_TLSI(FTP_TLS):
'''A FTP_TLS subclass which add implicit FTPS support.'''
def __init__(self, *args, **kwargs):
FTP_TLS.__init__(self, *args, **kwargs)
self.init_ssl_context()
def connect(self, host='', port=0, timeout=-999):
'''Connect to host. Arguments are:
- host: hostname to connect to (string, default previous host)
- port: port to connect to (integer, default previous port)
'''
if host != '':
self.host = host
if port > 0:
self.port = port
if timeout != -999:
self.timeout = timeout
msg = "getaddrinfo returns an empty list"
for res in socket.getaddrinfo(
self.host, self.port, 0, socket.SOCK_STREAM):
af, socktype, proto, canonname, sa = res
try:
self._clean_socket = socket.socket(af, socktype)
self._clean_socket.setblocking(True)
self._clean_socket.connect(sa)
self.sock = ssl.Connection(
self.ssl_context, self._clean_socket)
self.sock.setblocking(True)
self.sock.set_connect_state()
except socket.error as msg:
if self.sock:
self.sock.close()
self.sock = None
continue
break
if not self.sock:
raise socket.error(msg)
self.af = self.sock.family
if self.connect_data:
self._clean_socket.sendall(self.connect_data[0])
try:
self.sock.do_handshake()
except ssl.WantReadError:
pass
if six.PY2:
self.file = socket._fileobject(self.sock, 'rb')
else:
self.file = socket.SocketIO(self.sock, 'rb')
self.welcome = self.getresp()
return self.welcome
def login(self, user='', passwd='', acct='', secure=True):
return FTP.login(self, user, passwd, acct)
def auth(self):
"""
Called to initiate explicit FTPS.
"""
raise AssertionError('FTPSI has no AUTH command.')
_150_re = None
def parse150(resp):
'''Parse the '150' response for a RETR request.
Returns the expected transfer size or None; size is not guaranteed to
be present in the 150 message.
'''
if resp[:3] != '150':
raise error_reply(resp)
global _150_re
if _150_re is None:
import re
_150_re = re.compile("150 .* \((\d+) bytes\)", re.IGNORECASE)
m = _150_re.match(resp)
if not m:
return None
s = m.group(1)
try:
return int(s)
except (OverflowError, ValueError):
return int(s)
_227_re = None
def parse227(resp):
'''Parse the '227' response for a PASV request.
Raises error_proto if it does not contain '(h1,h2,h3,h4,p1,p2)'
Return ('host.addr.as.numbers', port#) tuple.'''
if resp[:3] != '227':
raise error_reply(resp)
global _227_re
if _227_re is None:
import re
_227_re = re.compile(r'(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)')
m = _227_re.search(resp)
if not m:
raise error_proto(resp)
numbers = m.groups()
host = '.'.join(numbers[:4])
port = (int(numbers[4]) << 8) + int(numbers[5])
return host, port
def parse229(resp, peer):
'''Parse the '229' response for a EPSV request.
Raises error_proto if it does not contain '(|||port|)'
Return ('host.addr.as.numbers', port#) tuple.'''
if resp[:3] != '229':
raise error_reply(resp)
left = resp.find('(')
if left < 0: raise error_proto(resp)
right = resp.find(')', left + 1)
if right < 0:
raise error_proto(resp) # should contain '(|||port|)'
if resp[left + 1] != resp[right - 1]:
raise error_proto(resp)
parts = resp[left + 1:right].split(resp[left+1])
if len(parts) != 5:
raise error_proto(resp)
host = peer[0]
port = int(parts[3])
return host, port
def parse257(resp):
'''Parse the '257' response for a MKD or PWD request.
This is a response to a MKD or PWD request: a directory name.
Returns the directoryname in the 257 reply.'''
if resp[:3] != '257':
raise error_reply(resp)
if resp[3:5] != ' "':
return '' # Not compliant to RFC 959, but UNIX ftpd does this
dirname = ''
i = 5
n = len(resp)
while i < n:
c = resp[i]
i = i+1
if c == '"':
if i >= n or resp[i] != '"':
break
i = i+1
dirname = dirname + c
return dirname
def print_line(line):
'''Default retrlines callback to print a line.'''
print(line)
def ftpcp(source, sourcename, target, targetname = '', type = 'I'):
'''Copy file from one FTP-instance to another.'''
if not targetname: targetname = sourcename
type = 'TYPE ' + type
source.voidcmd(type)
target.voidcmd(type)
sourcehost, sourceport = parse227(source.sendcmd('PASV'))
target.sendport(sourcehost, sourceport)
# RFC 959: the user must "listen" [...] BEFORE sending the
# transfer request.
# So: STOR before RETR, because here the target is a "user".
treply = target.sendcmd('STOR ' + targetname)
if treply[:3] not in ('125', '150'): raise error_proto() # RFC 959
sreply = source.sendcmd('RETR ' + sourcename)
if sreply[:3] not in ('125', '150'): raise error_proto() # RFC 959
source.voidresp()
target.voidresp()
class Netrc:
"""Class to parse & provide access to 'netrc' format files.
See the netrc(4) man page for information on the file format.
WARNING: This class is obsolete -- use module netrc instead.
"""
__defuser = None
__defpasswd = None
__defacct = None
def __init__(self, filename=None):
if filename is None:
if "HOME" in os.environ:
filename = os.path.join(os.environ["HOME"],
".netrc")
else:
raise IOError(
"specify file to load or set $HOME")
self.__hosts = {}
self.__macros = {}
fp = open(filename, "r")
in_macro = 0
macro_name = None
macro_lines = []
while 1:
line = _read_line(fp)
if not line: break
if in_macro and line.strip():
macro_lines.append(line)
continue
elif in_macro:
self.__macros[macro_name] = tuple(macro_lines)
in_macro = 0
words = line.split()
host = user = passwd = acct = None
default = 0
i = 0
while i < len(words):
w1 = words[i]
if i+1 < len(words):
w2 = words[i + 1]
else:
w2 = None
if w1 == 'default':
default = 1
elif w1 == 'machine' and w2:
host = w2.lower()
i = i + 1
elif w1 == 'login' and w2:
user = w2
i = i + 1
elif w1 == 'password' and w2:
passwd = w2
i = i + 1
elif w1 == 'account' and w2:
acct = w2
i = i + 1
elif w1 == 'macdef' and w2:
macro_name = w2
macro_lines = []
in_macro = 1
break
i = i + 1
if default:
self.__defuser = user or self.__defuser
self.__defpasswd = passwd or self.__defpasswd
self.__defacct = acct or self.__defacct
if host:
if host in self.__hosts:
ouser, opasswd, oacct = \
self.__hosts[host]
user = user or ouser
passwd = passwd or opasswd
acct = acct or oacct
self.__hosts[host] = user, passwd, acct
fp.close()
def get_hosts(self):
"""Return a list of hosts mentioned in the .netrc file."""
return list(self.__hosts.keys())
def get_account(self, host):
"""Returns login information for the named host.
The return value is a triple containing userid,
password, and the accounting field.
"""
host = host.lower()
user = passwd = acct = None
if host in self.__hosts:
user, passwd, acct = self.__hosts[host]
user = user or self.__defuser
passwd = passwd or self.__defpasswd
acct = acct or self.__defacct
return user, passwd, acct
def get_macros(self):
"""Return a list of all defined macro names."""
return list(self.__macros.keys())
def get_macro(self, macro):
"""Return a sequence of lines which define a named macro."""
return self.__macros[macro]
def test():
'''Test program.
Usage: ftp [-d] [-r[file]] host [-l[dir]] [-d[dir]] [-p] [file] ...
-d dir
-l list
-p password
'''
if len(sys.argv) < 2:
print(test.__doc__)
sys.exit(0)
debugging = 0
rcfile = None
while sys.argv[1] == '-d':
debugging = debugging+1
del sys.argv[1]
if sys.argv[1][:2] == '-r':
# get name of alternate ~/.netrc file:
rcfile = sys.argv[1][2:]
del sys.argv[1]
host = sys.argv[1]
ftp = FTP(host)
ftp.set_debuglevel(debugging)
userid = passwd = acct = ''
try:
netrc = Netrc(rcfile)
except IOError:
if rcfile is not None:
sys.stderr.write("Could not open account file"
" -- using anonymous login.")
else:
try:
userid, passwd, acct = netrc.get_account(host)
except KeyError:
# no account for host
sys.stderr.write(
"No account -- using anonymous login.")
ftp.login(userid, passwd, acct)
for file in sys.argv[2:]:
if file[:2] == '-l':
ftp.dir(file[2:])
elif file[:2] == '-d':
cmd = 'CWD'
if file[2:]: cmd = cmd + ' ' + file[2:]
ftp.sendcmd(cmd)
elif file == '-p':
ftp.set_pasv(not ftp.passiveserver)
else:
ftp.retrbinary('RETR ' + file, \
sys.stdout.write, 1024)
ftp.quit()
if __name__ == '__main__':
test()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment