Created
May 25, 2024 09:40
-
-
Save adiroiban/1f35bf0844e02fb2bccae167ff26becb to your computer and use it in GitHub Desktop.
Fork of Python stdlib ftp client that uses pyOpenSSL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
""" | |
Standard library code adapted to support testing. | |
Fork of standard library code, started as a backport of Python ftplib from 2.7 | |
to 2.5, and updated with some inspiration from Python 3.8. | |
https://github.com/python/cpython/blob/3.8/Lib/ftplib.py | |
This is a quick and dirty port. | |
pyOpenSSL is used instead of the standard ssl module. | |
On top of the port, a few extra functionalities were added; | |
* Add support for FTPS CCC | |
* Add support for Implicit FTPS | |
* Allow explicit usage of extended commands. | |
* Raise an explicit error if command channel was not properly closed. | |
* Allow using an explicit cipher list. | |
* Allow using an explicit SSL/TLS method. | |
* Allow checking server identity. | |
------------------ | |
An FTP client class and some helper functions. | |
Based on RFC 959: File Transfer Protocol (FTP), by J. Postel and J. Reynolds | |
Example: | |
>>> from ftplib import FTP | |
>>> ftp = FTP('ftp.python.org') # connect to host, default port | |
>>> ftp.login() # default, i.e.: user anonymous, passwd anonymous@ | |
'230 Guest login ok, access restrictions apply.' | |
>>> ftp.retrlines('LIST') # list directory contents | |
total 9 | |
drwxr-xr-x 8 root wheel 1024 Jan 3 1994 . | |
drwxr-xr-x 8 root wheel 1024 Jan 3 1994 .. | |
drwxr-xr-x 2 root wheel 1024 Jan 3 1994 bin | |
drwxr-xr-x 2 root wheel 1024 Jan 3 1994 etc | |
d-wxrwxr-x 2 ftp wheel 1024 Sep 5 13:43 incoming | |
drwxr-xr-x 2 root wheel 1024 Nov 17 1993 lib | |
drwxr-xr-x 6 1094 wheel 1024 Sep 13 19:07 pub | |
drwxr-xr-x 3 root wheel 1024 Jan 3 1994 usr | |
-rw-r--r-- 1 root root 312 Aug 1 1994 welcome.msg | |
'226 Transfer complete.' | |
>>> ftp.quit() | |
'221 Goodbye.' | |
>>> | |
A nice test that reveals some of the network dialogue would be: | |
python ftplib.py -d localhost -l -p -l | |
""" | |
# | |
# Changes and improvements suggested by Steve Majewski. | |
# Modified by Jack to work on the mac. | |
# Modified by Siebren to support docstrings and PASV. | |
# Modified by Phil Schwartz to add storbinary and storlines callbacks. | |
# Modified by Giampaolo Rodola' to add TLS support. | |
# | |
from __future__ import print_function | |
from __future__ import absolute_import | |
import errno | |
import os | |
import sys | |
import time | |
import six | |
# Import SOCKS module if it exists, else standard socket module socket | |
try: | |
import SOCKS | |
socket = SOCKS | |
del SOCKS # import SOCKS as socket | |
from socket import getfqdn | |
socket.getfqdn = getfqdn | |
del getfqdn | |
except ImportError: | |
import socket | |
import OpenSSL.SSL as ssl | |
if six.PY3 or ssl.OPENSSL_VERSION_NUMBER > 0x10101000: | |
OPENSSL_SECLEVEL = '@SECLEVEL=0' | |
else: | |
# Seclevel not supported. | |
OPENSSL_SECLEVEL = '' | |
_GLOBAL_DEFAULT_TIMEOUT = 5 | |
__all__ = ["FTP", "Netrc", 'FTP_TLS', 'FTP_TLSI'] | |
# Magic number from <socket.h> | |
MSG_OOB = 0x1 # Process data out of band | |
# The standard FTP server control port | |
FTP_PORT = 21 | |
# Exception raised when an error or invalid response is received | |
class Error(Exception): pass | |
class error_closed(Error): pass # Connection is already closed. | |
class error_reply(Error): pass # unexpected [123]xx reply | |
class error_temp(Error): pass # 4xx errors | |
class error_perm(Error): pass # 5xx errors | |
class error_proto(Error): pass # response does not begin with [1-5] | |
# All exceptions (hopefully) that may be raised here and that aren't | |
# (always) programming errors on our side | |
all_errors = (Error, EnvironmentError, EOFError) | |
def _read_line(fp): | |
""" | |
Read a line in text mode. | |
""" | |
result = _read_binary_line(fp) | |
if six.PY2: | |
return result.decode('utf-8') | |
return result | |
def _read_binary_line(fp): | |
""" | |
Helper to read a line and handle various socket errors. | |
""" | |
try: | |
return fp.readline() | |
except Exception as error: | |
if error.args[0] == 10054: | |
# On Windows the socket was already closed. | |
return b'' | |
raise | |
# Line terminators (we always output CRLF, but accept any of CRLF, CR, LF) | |
CRLF = '\r\n' | |
B_CRLF = b'\r\n' | |
# The class itself | |
class FTP: | |
""" | |
An FTP client class. | |
To create a connection, call the class using these arguments: | |
host, user, passwd, acct, timeout, encoding | |
The first four arguments are all strings, and have default value ''. | |
timeout must be numeric and defaults to None if not passed, | |
meaning that no timeout will be set on any ftp socket(s) | |
If a timeout is passed, then this is now the default timeout for all ftp | |
socket operations for this instance. | |
The last parameter is the encoding of filenames and storlines output. | |
Then use self.connect() with optional host and port argument. | |
To download a file, use ftp.retrlines('RETR ' + filename), | |
or ftp.retrbinary() with slightly different arguments. | |
To upload a file, use ftp.storlines() or ftp.storbinary(), | |
which have an open file as argument (see their definitions | |
below for details). | |
The download/upload functions first issue appropriate TYPE | |
and PORT or PASV commands. | |
""" | |
debugging = 0 | |
host = '' | |
port = FTP_PORT | |
sock = None | |
file = None | |
welcome = None | |
passiveserver = True | |
extended_address = True | |
last_passive_host = None | |
last_passive_port = None | |
# Data to send soon after the connection. | |
# Can be used to inject PROXY protocol data. | |
# It should be a tuple for the command channel data and the passive | |
# port data. | |
connect_data = () | |
def __init__(self, host='', user='', passwd='', acct='', | |
timeout=_GLOBAL_DEFAULT_TIMEOUT, encoding='utf-8'): | |
""" | |
Initialization method (called by class instantiation). | |
Initialize host to localhost, port to standard ftp port. | |
Optional arguments are host (for connect()), | |
and user, passwd, acct (for login()). | |
""" | |
self.encoding = encoding | |
self.timeout = timeout | |
if host: | |
self.connect(host) | |
if user: | |
self.login(user, passwd, acct) | |
def connect(self, host='', port=0, timeout=-999): | |
""" | |
Connect to host. Arguments are: | |
- host: hostname to connect to (string, default previous host) | |
- port: port to connect to (integer, default previous port) | |
- timeout: the timeout to set against the ftp socket(s) | |
""" | |
if host != '': | |
self.host = host | |
if port > 0: | |
self.port = port | |
if timeout != -999: | |
self.timeout = timeout | |
msg = "getaddrinfo returns an empty list" | |
for res in socket.getaddrinfo( | |
self.host, self.port, 0, socket.SOCK_STREAM): | |
af, socktype, proto, canonname, sa = res | |
try: | |
self.sock = socket.socket(af, socktype, proto) | |
self.sock.connect(sa) | |
except socket.error as msg: | |
if self.sock: | |
self.sock.close() | |
self.sock = None | |
continue | |
break | |
if not self.sock: | |
raise socket.error(msg) | |
if self.connect_data: | |
self.sock.sendall(self.connect_data[0]) | |
self.af = self.sock.family | |
self.file = self.sock.makefile('rb') | |
self.welcome = self.getresp() | |
return self.welcome | |
def getwelcome(self): | |
'''Get the welcome message from the server. | |
(this is read and squirreled away by connect())''' | |
if self.debugging: | |
print('*welcome*', self.sanitize(self.welcome)) | |
return self.welcome | |
def set_debuglevel(self, level): | |
'''Set the debugging level. | |
The required argument level means: | |
0: no debugging output (default) | |
1: print commands and responses but not body text etc. | |
2: also print raw lines read and sent before stripping CR/LF''' | |
self.debugging = level | |
debug = set_debuglevel | |
def set_pasv(self, val): | |
'''Use passive or active mode for data transfers. | |
With a false argument, use the normal PORT mode, | |
With a true argument, use the PASV command.''' | |
self.passiveserver = val | |
def set_extended_address(self, val): | |
'''Use extended passive or active mode for data transfers. | |
With a false argument, use the normal EPRT mode, | |
With a true argument, use the PASV command.''' | |
self.extended_address = val | |
# Internal: "sanitize" a string for printing | |
def sanitize(self, s): | |
if s[:5] == 'pass ' or s[:5] == 'PASS ': | |
i = len(s) | |
while i > 5 and s[i-1] in '\r\n': | |
i = i-1 | |
s = s[:5] + '*'*(i-5) + s[i:] | |
return repr(s) | |
# Internal: send one line to the server, appending CRLF | |
def putline(self, line): | |
if '\r' in line or '\n' in line: | |
raise ValueError('an illegal newline character should not be contained') | |
if self.sock is None: | |
raise error_closed() | |
line = line + CRLF | |
if self.debugging > 1: | |
print('*put*', self.sanitize(line)) | |
self.sock.sendall(line.encode(self.encoding)) | |
# Internal: send one command to the server (through putline()) | |
def putcmd(self, line): | |
if self.debugging: print('*cmd*', self.sanitize(line)) | |
self.putline(line) | |
# Internal: return one line from the server, stripping CRLF. | |
# Raise EOFError if the connection is closed | |
def getline(self): | |
line = _read_binary_line(self.file).decode(self.encoding) | |
if self.debugging > 1: | |
print('*get*', self.sanitize(line)) | |
if not line: raise EOFError | |
if line[-2:] == CRLF: line = line[:-2] | |
elif line[-1:] in CRLF: line = line[:-1] | |
return line | |
# Internal: get a response from the server, which may possibly | |
# consist of multiple lines. Return a single string with no | |
# trailing CRLF. If the response consists of multiple lines, | |
# these are separated by '\n' characters in the string | |
def getmultiline(self): | |
line = self.getline() | |
if line[3:4] == '-': | |
code = line[:3] | |
while 1: | |
nextline = self.getline() | |
line = line + ('\n' + nextline) | |
if nextline[:3] == code and \ | |
nextline[3:4] != '-': | |
break | |
return line | |
# Internal: get a response from the server. | |
# Raise various errors if the response indicates an error | |
def getresp(self): | |
resp = self.getmultiline() | |
if self.debugging: | |
print('*resp*', self.sanitize(resp)) | |
self.lastresp = resp[:3] | |
c = resp[:1] | |
if c in {'1', '2', '3'}: | |
return resp | |
if c == '4': | |
raise error_temp(resp) | |
if c == '5': | |
raise error_perm(resp) | |
raise error_proto(resp) | |
def voidresp(self): | |
"""Expect a response beginning with '2'.""" | |
resp = self.getresp() | |
if resp[:1] != '2': | |
raise error_reply(resp) | |
return resp | |
def abort(self): | |
'''Abort a file transfer. Uses out-of-band data. | |
This does not follow the procedure from the RFC to send Telnet | |
IP and Synch; that doesn't seem to work with the servers I've | |
tried. Instead, just send the ABOR command as OOB data.''' | |
line = b'ABOR' + B_CRLF | |
if self.debugging > 1: | |
print('*put urgent*', self.sanitize(line)) | |
self.sock.sendall(line, MSG_OOB) | |
resp = self.getmultiline() | |
if resp[:3] not in {'426', '225', '226'}: | |
raise error_proto(resp) | |
return resp | |
def sendcmd(self, cmd): | |
'''Send a command and return the response.''' | |
self.putcmd(cmd) | |
return self.getresp() | |
def voidcmd(self, cmd): | |
"""Send a command and expect a response beginning with '2'.""" | |
self.putcmd(cmd) | |
return self.voidresp() | |
def sendport(self, host, port): | |
'''Send a PORT command with the current host and the given | |
port number. | |
''' | |
hbytes = host.split('.') | |
pbytes = [repr(port//256), repr(port%256)] | |
bytes = hbytes + pbytes | |
cmd = 'PORT ' + ','.join(bytes) | |
return self.voidcmd(cmd) | |
def sendeprt(self, host, port): | |
'''Send an EPRT command with the current host and the given port number.''' | |
af = 0 | |
if self.af == socket.AF_INET: | |
af = 1 | |
if self.af == socket.AF_INET6: | |
af = 2 | |
if af == 0: | |
raise error_proto('unsupported address family') | |
fields = ['', repr(af), host, repr(port), ''] | |
cmd = 'EPRT ' + '|'.join(fields) | |
return self.voidcmd(cmd) | |
def makeport(self): | |
'''Create a new socket and send a PORT command for it.''' | |
msg = "getaddrinfo returns an empty list" | |
sock = None | |
for res in socket.getaddrinfo(None, 0, self.af, socket.SOCK_STREAM, 0, socket.AI_PASSIVE): | |
af, socktype, proto, canonname, sa = res | |
try: | |
sock = socket.socket(af, socktype, proto) | |
sock.bind(sa) | |
except socket.error as msg: | |
if sock: | |
sock.close() | |
sock = None | |
continue | |
break | |
if not sock: | |
raise socket.error(msg) | |
sock.listen(1) | |
port = sock.getsockname()[1] # Get proper port | |
host = self.sock.getsockname()[0] # Get proper host | |
if self.extended_address: | |
self.sendeprt(host, port) | |
else: | |
self.sendport(host, port) | |
if self.timeout is not _GLOBAL_DEFAULT_TIMEOUT: | |
sock.settimeout(self.timeout) | |
return sock | |
def makepasv(self): | |
if self.extended_address: | |
host, port = parse229( | |
self.sendcmd('EPSV'), self.sock.getpeername()) | |
else: | |
host, port = parse227(self.sendcmd('PASV')) | |
return host, port | |
def ntransfercmd(self, cmd, rest=None): | |
"""Initiate a transfer over the data connection. | |
If the transfer is active, send a port command and the | |
transfer command, and accept the connection. If the server is | |
passive, send a pasv command, connect to it, and start the | |
transfer command. Either way, return the socket for the | |
connection and the expected size of the transfer. The | |
expected size may be None if it could not be determined. | |
Optional `rest' argument can be a string that is sent as the | |
argument to a REST command. This is essentially a server | |
marker used to tell the server to skip over any data up to the | |
given marker. | |
""" | |
size = None | |
if self.passiveserver: | |
host, port = self.makepasv() | |
self.last_passive_host = host | |
self.last_passive_port = port | |
af, socktype, proto, canon, sa = socket.getaddrinfo( | |
host, port, 0, socket.SOCK_STREAM)[0] | |
conn = socket.socket(af, socktype, proto) | |
conn.connect(sa) | |
if self.connect_data: | |
conn.sendall(self.connect_data[1]) | |
if rest is not None: | |
self.sendcmd("REST %s" % rest) | |
time.sleep(0.01) | |
resp = self.sendcmd(cmd) | |
# Some servers apparently send a 200 reply to | |
# a LIST or STOR command, before the 150 reply | |
# (and way before the 226 reply). This seems to | |
# be in violation of the protocol (which only allows | |
# 1xx or error messages for LIST), so we just discard | |
# this response. | |
if resp[0] == '2': | |
resp = self.getresp() | |
if resp[0] != '1': | |
raise error_reply(resp) | |
else: | |
sock = self.makeport() | |
if rest is not None: | |
self.sendcmd("REST %s" % rest) | |
resp = self.sendcmd(cmd) | |
# See above. | |
if resp[0] == '2': | |
resp = self.getresp() | |
if resp[0] != '1': | |
raise error_reply(resp) | |
conn, sockaddr = sock.accept() | |
if self.timeout is not _GLOBAL_DEFAULT_TIMEOUT: | |
conn.settimeout(self.timeout) | |
if resp[:3] == '150': | |
# this is conditional in case we received a 125 | |
size = parse150(resp) | |
return conn, size | |
def transfercmd(self, cmd, rest=None): | |
"""Like ntransfercmd() but returns only the socket.""" | |
return self.ntransfercmd(cmd, rest)[0] | |
def login(self, user = '', passwd = '', acct = ''): | |
'''Login, default anonymous.''' | |
if not user: user = 'anonymous' | |
if not passwd: passwd = '' | |
if not acct: acct = '' | |
if user == 'anonymous' and passwd in ('', '-'): | |
# If there is no anonymous ftp password specified | |
# then we'll just use anonymous@ | |
# We don't send any other thing because: | |
# - We want to remain anonymous | |
# - We want to stop SPAM | |
# - We don't want to let ftp sites to discriminate by the user, | |
# host or country. | |
passwd = passwd + 'anonymous@' | |
resp = self.sendcmd('USER ' + user) | |
if resp[0] == '3': resp = self.sendcmd('PASS ' + passwd) | |
if resp[0] == '3': resp = self.sendcmd('ACCT ' + acct) | |
if resp[0] != '2': | |
raise error_reply(resp) | |
return resp | |
def retrbinary(self, cmd, callback, blocksize=8192, rest=None): | |
"""Retrieve data in binary mode. A new port is created for you. | |
Args: | |
cmd: A RETR command. | |
callback: A single parameter callable to be called on each | |
block of data read. | |
blocksize: The maximum number of bytes to read from the | |
socket at one time. [default: 8192] | |
rest: Passed to transfercmd(). [default: None] | |
Returns: | |
The response code. | |
""" | |
self.voidcmd('TYPE I') | |
conn = self.transfercmd(cmd, rest) | |
while 1: | |
data = conn.recv(blocksize) | |
if not data: | |
break | |
callback(data) | |
conn.close() | |
return self.voidresp() | |
def retrlines(self, cmd, callback = None, strip_line=True): | |
"""Retrieve data in line mode. A new port is created for you. | |
Args: | |
cmd: A RETR, LIST, NLST, or MLSD command. | |
callback: An optional single parameter callable that is called | |
for each line with the trailing CRLF stripped. | |
[default: print_line()] | |
strip_line: A flat for allowing to return the actual line separator | |
received over the data channel. | |
Returns: | |
The response code. | |
""" | |
if callback is None: callback = print_line | |
self.sendcmd('TYPE A') | |
conn = self.transfercmd(cmd) | |
# To support testing, we always read the content in binary mode. | |
fp = conn.makefile('rb') | |
while 1: | |
line = _read_binary_line(fp).decode(self.encoding) | |
if self.debugging > 2: print('*retr*', repr(line)) | |
if not line: | |
# Nothing read. We should be at EOF. | |
break | |
if strip_line: | |
if line[-2:] == CRLF: | |
line = line[:-2] | |
elif line[-1:] == '\n': | |
line = line[:-1] | |
callback(line) | |
fp.close() | |
conn.close() | |
return self.voidresp() | |
def storbinary(self, cmd, fp, blocksize=8192, callback=None, rest=None): | |
"""Store a file in binary mode. A new port is created for you. | |
Args: | |
cmd: A STOR command. | |
fp: A file-like object with a read(num_bytes) method. | |
blocksize: The maximum data size to read from fp and send over | |
the connection at once. [default: 8192] | |
callback: An optional single parameter callable that is called on | |
on each block of data after it is sent. [default: None] | |
rest: Passed to transfercmd(). [default: None] | |
Returns: | |
The response code. | |
""" | |
self.voidcmd('TYPE I') | |
conn = self.transfercmd(cmd, rest) | |
while 1: | |
buf = fp.read(blocksize) | |
if not buf: break | |
conn.sendall(buf) | |
if callback: callback(buf) | |
conn.close() | |
return self.voidresp() | |
def storlines(self, cmd, fp, callback=None): | |
"""Store a file in line mode. A new port is created for you. | |
Args: | |
cmd: A STOR command. | |
fp: A file-like object with a readline() method. | |
callback: An optional single parameter callable that is called on | |
on each line after it is sent. [default: None] | |
Returns: | |
The response code. | |
""" | |
self.voidcmd('TYPE A') | |
conn = self.transfercmd(cmd) | |
while 1: | |
# To support testing, the local file is always read the local | |
# source file binary mode. | |
buf = _read_binary_line(fp).decode(self.encoding) | |
if not buf: | |
break | |
if buf[-1] != '\n': | |
# No new line delimiter, so no need to convert it. | |
pass | |
elif buf[-2:] != CRLF: | |
# We need to convert the newline. | |
if buf[-1] in CRLF: | |
buf = buf[:-1] | |
buf = buf + CRLF | |
conn.sendall(buf.encode(self.encoding)) | |
if callback: callback(buf) | |
conn.close() | |
return self.voidresp() | |
def acct(self, password): | |
'''Send new account name.''' | |
cmd = 'ACCT ' + password | |
return self.voidcmd(cmd) | |
def nlst(self, *args): | |
'''Return a list of files in a given directory (default the current).''' | |
cmd = 'NLST' | |
for arg in args: | |
cmd = cmd + (' ' + arg) | |
files = [] | |
self.retrlines(cmd, files.append) | |
return files | |
def dir(self, *args): | |
'''List a directory in long form. | |
By default list current directory to stdout. | |
Optional last argument is callback function; all | |
non-empty arguments before it are concatenated to the | |
LIST command. (This *should* only be used for a pathname.)''' | |
cmd = 'LIST' | |
func = None | |
if args[-1:] and type(args[-1]) != type(''): | |
args, func = args[:-1], args[-1] | |
for arg in args: | |
if arg: | |
cmd = cmd + (' ' + arg) | |
self.retrlines(cmd, func) | |
def rename(self, fromname, toname): | |
'''Rename a file.''' | |
resp = self.sendcmd('RNFR ' + fromname) | |
if resp[0] != '3': | |
raise error_reply(resp) | |
return self.voidcmd('RNTO ' + toname) | |
def delete(self, filename): | |
'''Delete a file.''' | |
resp = self.sendcmd('DELE ' + filename) | |
if resp[:3] in ('250', '200'): | |
return resp | |
else: | |
raise error_reply(resp) | |
def cwd(self, dirname): | |
'''Change to a directory.''' | |
if dirname == '..': | |
try: | |
return self.voidcmd('CDUP') | |
except error_perm as msg: | |
if msg.args[0][:3] != '500': | |
raise | |
elif dirname == '': | |
dirname = '.' # does nothing, but could return error | |
cmd = 'CWD ' + dirname | |
return self.voidcmd(cmd) | |
def size(self, filename): | |
'''Retrieve the size of a file.''' | |
# The SIZE command is defined in RFC-3659 | |
resp = self.sendcmd('SIZE ' + filename) | |
if resp[:3] == '213': | |
s = resp[3:].strip() | |
try: | |
return int(s) | |
except (OverflowError, ValueError): | |
return int(s) | |
def mkd(self, dirname): | |
'''Make a directory, return its full pathname.''' | |
resp = self.sendcmd('MKD ' + dirname) | |
return parse257(resp) | |
def rmd(self, dirname): | |
'''Remove a directory.''' | |
return self.voidcmd('RMD ' + dirname) | |
def pwd(self): | |
'''Return current working directory.''' | |
resp = self.sendcmd('PWD') | |
return parse257(resp) | |
def quit(self): | |
'''Quit, and close the connection.''' | |
resp = self.voidcmd('QUIT') | |
self.close() | |
return resp | |
def close(self): | |
""" | |
Close the connection without assuming anything about it. | |
""" | |
if self.sock is not None: | |
try: | |
self.sock.shutdown(socket.SHUT_RDWR) | |
except socket.error as error: | |
if error.errno == errno.ENOTCONN: | |
# Shutdown is already done as socket is closed. | |
pass | |
else: | |
raise | |
self.sock.close() | |
if self.file is not None: | |
self.file.close() | |
self.file = self.sock = None | |
class FTP_TLS(FTP): | |
'''A FTP subclass which adds TLS support to FTP as described | |
in RFC-4217. | |
Connect as usual to port 21 explicitly securing the FTP control | |
connection before authenticating. | |
Securing the data connection requires user to explicitly ask | |
for it by calling prot_p() method. | |
Usage example: | |
>>> from ftplib import FTP_TLS | |
>>> ftps = FTP_TLS('ftp.python.org') | |
>>> ftps.login() # login anonymously previously securing control channel | |
'230 Guest login ok, access restrictions apply.' | |
>>> ftps.prot_p() # switch to secure data connection | |
'200 Protection level set to P' | |
>>> ftps.retrlines('LIST') # list directory content securely | |
total 9 | |
drwxr-xr-x 8 root wheel 1024 Jan 3 1994 . | |
drwxr-xr-x 8 root wheel 1024 Jan 3 1994 .. | |
drwxr-xr-x 2 root wheel 1024 Jan 3 1994 bin | |
drwxr-xr-x 2 root wheel 1024 Jan 3 1994 etc | |
d-wxrwxr-x 2 ftp wheel 1024 Sep 5 13:43 incoming | |
drwxr-xr-x 2 root wheel 1024 Nov 17 1993 lib | |
drwxr-xr-x 6 1094 wheel 1024 Sep 13 19:07 pub | |
drwxr-xr-x 3 root wheel 1024 Jan 3 1994 usr | |
-rw-r--r-- 1 root root 312 Aug 1 1994 welcome.msg | |
'226 Transfer complete.' | |
>>> ftps.quit() | |
'221 Goodbye.' | |
>>> | |
''' | |
ssl_version = ssl.SSLv23_METHOD | |
def __init__(self, host='', user='', passwd='', acct='', keyfile=None, | |
certfile=None, timeout=_GLOBAL_DEFAULT_TIMEOUT, | |
cipher_list=None, method=None, cafile=None): | |
self.keyfile = keyfile | |
self.certfile = certfile | |
self.cafile = cafile | |
self.cipher_list = cipher_list | |
if method is None: | |
method = self.ssl_version | |
self.method = method | |
self._prot_p = False | |
self.dtp_session_reuse = True | |
self.ssl_context = None | |
FTP.__init__(self, host, user, passwd, acct, timeout) | |
def init_ssl_context(self): | |
'''Retun a SSL context for this client.''' | |
if self.ssl_context is None: | |
self.ssl_context = ssl.Context(self.method) | |
if not self.cipher_list: | |
self.cipher_list = 'ALL' + OPENSSL_SECLEVEL | |
self.ssl_context.set_cipher_list(self.cipher_list) | |
if self.certfile: | |
self.ssl_context.use_certificate_file(self.certfile) | |
if not self.keyfile: | |
self.keyfile = self.certfile | |
if self.keyfile: | |
self.ssl_context.use_privatekey_file(self.keyfile) | |
if self.cafile: | |
def verify_server_certificate( | |
conn, cert, errno, depth, preverify_ok): | |
return preverify_ok | |
self.ssl_context.set_verify( | |
ssl.VERIFY_PEER | ssl.VERIFY_FAIL_IF_NO_PEER_CERT | | |
ssl.VERIFY_CLIENT_ONCE, | |
verify_server_certificate, | |
) | |
self.ssl_context.load_verify_locations(self.cafile, None) | |
self._OP_ALL = getattr(ssl, 'OP_ALL', 0x0000FFFF) | |
self.ssl_context.set_options(self._OP_ALL) | |
# OP_NO_TICKET is not (yet) exposed by PyOpenSSL | |
self._OP_NO_TICKET = 0x00004000 | |
self.ssl_context.set_options(self._OP_NO_TICKET) | |
self.ssl_context.set_options(ssl.OP_SINGLE_DH_USE) | |
def getline(self): | |
""" | |
SSL wrapper for plan FTP.getline | |
""" | |
return self._callSSL(FTP.getline, self) | |
def putline(self, line): | |
""" | |
SSL wrapper for plan FTP.putline | |
""" | |
return self._callSSL(FTP.putline, self, line) | |
def _callSSL(self, callback, *args, **kwargs): | |
""" | |
Try to call a method which uses the SSL layer, | |
retrying on WantReadError. | |
""" | |
_tries = kwargs.pop('_tries', 0) | |
try: | |
return callback(*args, **kwargs) | |
except (ssl.WantReadError, ssl.WantWriteError): # noqa:cover | |
# This means that SSL layers still needs to read data in order | |
# to get our data. | |
# We wait for SSL thread to do its job and try again. | |
# Waiting for less results in reaching the | |
# recursion limit. | |
if _tries > 20: | |
# We already tried enough. | |
raise | |
time.sleep(0.1) | |
kwargs['_tries'] = _tries + 1 | |
return self._callSSL(callback, *args, **kwargs) | |
except ssl.SysCallError as error: | |
# Connection was closed. | |
raise error_perm('SysCallError {}'.format(error)) | |
def doSSLShutdown(self, socket, timeout=10): | |
""" | |
Clear the SSL part of a socket. | |
""" | |
if not isinstance(socket, ssl.Connection): | |
return | |
start_time = time.time() | |
socket.set_shutdown(ssl.SENT_SHUTDOWN | ssl.RECEIVED_SHUTDOWN) | |
while time.time() - start_time < timeout: | |
try: | |
# Try the handshake, just in the case in which it was | |
# accidentally not triggered yet. | |
socket.do_handshake() | |
except ssl.WantReadError: | |
pass | |
state = socket.get_state_string() | |
if state == b'SSL negotiation finished successfully': | |
break | |
if not socket.shutdown(): | |
# TLS not yet finalized. | |
# Wait and retry. | |
time.sleep(0.1) | |
socket.shutdown() | |
def close(self): | |
""" | |
Close the connection without assuming anything about it. | |
""" | |
if self.sock is not None: | |
try: | |
# On FTPS self.sock is a SSL.Connection. | |
try: | |
self.sock.shutdown() | |
except TypeError: | |
# We might have downgraded the data channel using CCC. | |
self.sock.shutdown(socket.SHUT_RDWR) | |
self.sock.close() | |
except socket.error as error: | |
if error.errno == errno.ENOTCONN: | |
# Shutdown is already done as socket is closed. | |
pass | |
else: | |
raise | |
if self.file is not None: | |
self.file.close() | |
self.file = self.sock = None | |
def login(self, user='', passwd='', acct='', secure=True): | |
if secure and not isinstance(self.sock, ssl.Connection): | |
self.auth() | |
return FTP.login(self, user, passwd, acct) | |
def auth(self): | |
'''Set up secure control connection by using TLS/SSL.''' | |
if isinstance(self.sock, ssl.Connection): | |
raise ValueError("Already using TLS") | |
if self.method == ssl.TLSv1_METHOD: | |
resp = self.voidcmd('AUTH TLS') | |
else: | |
resp = self.voidcmd('AUTH SSL') | |
self.init_ssl_context() | |
# The non-SSL-wrapped socket. | |
self._clean_socket = self.sock | |
self._clean_file = self.file | |
self.sock = ssl.Connection(self.ssl_context, self.sock) | |
self.sock.setblocking(True) | |
self.sock.set_connect_state() | |
try: | |
self.sock.do_handshake() | |
except ssl.WantReadError: | |
pass | |
if six.PY2: | |
self.file = socket._fileobject(self.sock, 'rb') | |
else: | |
self.file = socket.SocketIO(self.sock, 'rb') | |
return resp | |
def prot_p(self): | |
'''Set up secure data connection.''' | |
# PROT defines whether or not the data channel is to be protected. | |
# Though RFC-2228 defines four possible protection levels, | |
# RFC-4217 only recommends two, Clear and Private. | |
# Clear (PROT C) means that no security is to be used on the | |
# data-channel, Private (PROT P) means that the data-channel | |
# should be protected by TLS. | |
# PBSZ command MUST still be issued, but must have a parameter of | |
# '0' to indicate that no buffering is taking place and the data | |
# connection should not be encapsulated. | |
self.voidcmd('PBSZ 0') | |
resp = self.voidcmd('PROT P') | |
self._prot_p = True | |
return resp | |
def prot_c(self): | |
'''Set up clear text data connection.''' | |
resp = self.voidcmd('PROT C') | |
self._prot_p = False | |
return resp | |
def ccc(self): | |
if not isinstance(self.sock, ssl.Connection): | |
raise ValueError("not using TLS") | |
resp = self.voidcmd('CCC') | |
self.sock.set_shutdown(ssl.SENT_SHUTDOWN | ssl.RECEIVED_SHUTDOWN) | |
done = self.sock.shutdown() | |
assert done is True | |
self.sock = self._clean_socket | |
self.file = self.sock.makefile('rb') | |
# Flush the data from the tls shutdown. | |
self.sock.recv(100) | |
return resp | |
# --- Overridden FTP methods | |
def ntransfercmd(self, cmd, rest=None): | |
'''See `FTP.ntransfercmd`. | |
Initiate a transfer over data channel.''' | |
conn, size = FTP.ntransfercmd(self, cmd, rest) | |
if self._prot_p: | |
conn = ssl.Connection(self.ssl_context, conn) | |
conn.set_connect_state() | |
if self.dtp_session_reuse: | |
conn.set_session(self.sock.get_session()) | |
return conn, size | |
def retrbinary(self, cmd, callback, blocksize=8192, rest=None): | |
self.voidcmd('TYPE I') | |
conn = self.transfercmd(cmd, rest) | |
try: | |
while 1: | |
data = None | |
try: | |
data = self._callSSL(conn.recv, blocksize) | |
except ssl.ZeroReturnError: | |
# pyOpenSSL does not return 0, but rather | |
# SSL.ZeroReturnError | |
pass | |
if not data: | |
break | |
callback(data) | |
self.doSSLShutdown(conn) | |
except error_perm: | |
# There was an error processing the data connection. | |
# Read the command response and forward the error. | |
resp = self.getresp() | |
raise error_perm(resp) | |
finally: | |
conn.close() | |
return self.voidresp() | |
def retrlines(self, cmd, callback=None, strip_line=True): | |
""" | |
Read lines over SSL. | |
""" | |
if callback is None: | |
callback = print_line | |
self.sendcmd('TYPE A') | |
conn = self.transfercmd(cmd) | |
# Content of unfinished line. | |
buff = b'' | |
try: | |
while 1: | |
try: | |
data = self._callSSL(conn.recv, 8192) | |
if not data: | |
break | |
except ssl.ZeroReturnError: | |
'''When the socket is using SSL it will raise | |
ZeroReturnError instead of returning 0.''' | |
break | |
data = buff + data | |
buff = b'' | |
lines = data.splitlines(True) | |
last_line = lines[-1] | |
if not last_line.endswith(b'\n'): | |
# last line does not have a new line... so it might | |
# be a partial line. | |
buff = last_line | |
lines = lines[:-1] | |
for line in lines: | |
if strip_line: | |
if line[-2:] == B_CRLF: | |
line = line[:-2] | |
elif line[-1:] == '\n': | |
line = line[:-1] | |
callback(line.decode(self.encoding)) | |
# Notify last line, if not sent already. | |
if buff: | |
callback(buff.decode(self.encoding)) | |
self.doSSLShutdown(conn) | |
except error_perm: | |
# There was an error processing the data connection. | |
# Read the command response and forward the error. | |
resp = self.getresp() | |
raise error_perm(resp) | |
finally: | |
conn.close() | |
return self.voidresp() | |
def storbinary(self, cmd, fp, blocksize=8192, callback=None, rest=None): | |
self.voidcmd('TYPE I') | |
conn = self.transfercmd(cmd, rest) | |
try: | |
while 1: | |
buf = fp.read(blocksize) | |
if not buf: | |
break | |
self._callSSL(conn.sendall, buf) | |
if callback: | |
callback(buf) | |
self.doSSLShutdown(conn) | |
finally: | |
conn.close() | |
return self.voidresp() | |
def storlines(self, cmd, fp, callback=None): | |
self.voidcmd('TYPE A') | |
conn = self.transfercmd(cmd) | |
try: | |
while 1: | |
buf = _read_binary_line(fp).decode(self.encoding) | |
if not buf: | |
break | |
if buf[-1] != '\n': | |
# No new line delimiter, so no need to convert it. | |
pass | |
elif buf[-2:] != CRLF: | |
if buf[-1] in CRLF: | |
buf = buf[:-1] | |
buf = buf + CRLF | |
self._callSSL(conn.sendall, buf.encode(self.encoding)) | |
if callback: | |
callback(buf) | |
# Wait a bit for the last chunk to be sent. | |
# I have no idea why this is needed for the ASCII tests. | |
# as for SSL it all should be bytes. | |
# This failure was not observed for binary tests executed via | |
# storbinary, but it might be because for binary all data is | |
# written in one go. | |
time.sleep(0.1) | |
self.doSSLShutdown(conn) | |
finally: | |
conn.close() | |
return self.voidresp() | |
all_errors = (Error, IOError, EOFError, ssl.Error) | |
class FTP_TLSI(FTP_TLS): | |
'''A FTP_TLS subclass which add implicit FTPS support.''' | |
def __init__(self, *args, **kwargs): | |
FTP_TLS.__init__(self, *args, **kwargs) | |
self.init_ssl_context() | |
def connect(self, host='', port=0, timeout=-999): | |
'''Connect to host. Arguments are: | |
- host: hostname to connect to (string, default previous host) | |
- port: port to connect to (integer, default previous port) | |
''' | |
if host != '': | |
self.host = host | |
if port > 0: | |
self.port = port | |
if timeout != -999: | |
self.timeout = timeout | |
msg = "getaddrinfo returns an empty list" | |
for res in socket.getaddrinfo( | |
self.host, self.port, 0, socket.SOCK_STREAM): | |
af, socktype, proto, canonname, sa = res | |
try: | |
self._clean_socket = socket.socket(af, socktype) | |
self._clean_socket.setblocking(True) | |
self._clean_socket.connect(sa) | |
self.sock = ssl.Connection( | |
self.ssl_context, self._clean_socket) | |
self.sock.setblocking(True) | |
self.sock.set_connect_state() | |
except socket.error as msg: | |
if self.sock: | |
self.sock.close() | |
self.sock = None | |
continue | |
break | |
if not self.sock: | |
raise socket.error(msg) | |
self.af = self.sock.family | |
if self.connect_data: | |
self._clean_socket.sendall(self.connect_data[0]) | |
try: | |
self.sock.do_handshake() | |
except ssl.WantReadError: | |
pass | |
if six.PY2: | |
self.file = socket._fileobject(self.sock, 'rb') | |
else: | |
self.file = socket.SocketIO(self.sock, 'rb') | |
self.welcome = self.getresp() | |
return self.welcome | |
def login(self, user='', passwd='', acct='', secure=True): | |
return FTP.login(self, user, passwd, acct) | |
def auth(self): | |
""" | |
Called to initiate explicit FTPS. | |
""" | |
raise AssertionError('FTPSI has no AUTH command.') | |
_150_re = None | |
def parse150(resp): | |
'''Parse the '150' response for a RETR request. | |
Returns the expected transfer size or None; size is not guaranteed to | |
be present in the 150 message. | |
''' | |
if resp[:3] != '150': | |
raise error_reply(resp) | |
global _150_re | |
if _150_re is None: | |
import re | |
_150_re = re.compile("150 .* \((\d+) bytes\)", re.IGNORECASE) | |
m = _150_re.match(resp) | |
if not m: | |
return None | |
s = m.group(1) | |
try: | |
return int(s) | |
except (OverflowError, ValueError): | |
return int(s) | |
_227_re = None | |
def parse227(resp): | |
'''Parse the '227' response for a PASV request. | |
Raises error_proto if it does not contain '(h1,h2,h3,h4,p1,p2)' | |
Return ('host.addr.as.numbers', port#) tuple.''' | |
if resp[:3] != '227': | |
raise error_reply(resp) | |
global _227_re | |
if _227_re is None: | |
import re | |
_227_re = re.compile(r'(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)') | |
m = _227_re.search(resp) | |
if not m: | |
raise error_proto(resp) | |
numbers = m.groups() | |
host = '.'.join(numbers[:4]) | |
port = (int(numbers[4]) << 8) + int(numbers[5]) | |
return host, port | |
def parse229(resp, peer): | |
'''Parse the '229' response for a EPSV request. | |
Raises error_proto if it does not contain '(|||port|)' | |
Return ('host.addr.as.numbers', port#) tuple.''' | |
if resp[:3] != '229': | |
raise error_reply(resp) | |
left = resp.find('(') | |
if left < 0: raise error_proto(resp) | |
right = resp.find(')', left + 1) | |
if right < 0: | |
raise error_proto(resp) # should contain '(|||port|)' | |
if resp[left + 1] != resp[right - 1]: | |
raise error_proto(resp) | |
parts = resp[left + 1:right].split(resp[left+1]) | |
if len(parts) != 5: | |
raise error_proto(resp) | |
host = peer[0] | |
port = int(parts[3]) | |
return host, port | |
def parse257(resp): | |
'''Parse the '257' response for a MKD or PWD request. | |
This is a response to a MKD or PWD request: a directory name. | |
Returns the directoryname in the 257 reply.''' | |
if resp[:3] != '257': | |
raise error_reply(resp) | |
if resp[3:5] != ' "': | |
return '' # Not compliant to RFC 959, but UNIX ftpd does this | |
dirname = '' | |
i = 5 | |
n = len(resp) | |
while i < n: | |
c = resp[i] | |
i = i+1 | |
if c == '"': | |
if i >= n or resp[i] != '"': | |
break | |
i = i+1 | |
dirname = dirname + c | |
return dirname | |
def print_line(line): | |
'''Default retrlines callback to print a line.''' | |
print(line) | |
def ftpcp(source, sourcename, target, targetname = '', type = 'I'): | |
'''Copy file from one FTP-instance to another.''' | |
if not targetname: targetname = sourcename | |
type = 'TYPE ' + type | |
source.voidcmd(type) | |
target.voidcmd(type) | |
sourcehost, sourceport = parse227(source.sendcmd('PASV')) | |
target.sendport(sourcehost, sourceport) | |
# RFC 959: the user must "listen" [...] BEFORE sending the | |
# transfer request. | |
# So: STOR before RETR, because here the target is a "user". | |
treply = target.sendcmd('STOR ' + targetname) | |
if treply[:3] not in ('125', '150'): raise error_proto() # RFC 959 | |
sreply = source.sendcmd('RETR ' + sourcename) | |
if sreply[:3] not in ('125', '150'): raise error_proto() # RFC 959 | |
source.voidresp() | |
target.voidresp() | |
class Netrc: | |
"""Class to parse & provide access to 'netrc' format files. | |
See the netrc(4) man page for information on the file format. | |
WARNING: This class is obsolete -- use module netrc instead. | |
""" | |
__defuser = None | |
__defpasswd = None | |
__defacct = None | |
def __init__(self, filename=None): | |
if filename is None: | |
if "HOME" in os.environ: | |
filename = os.path.join(os.environ["HOME"], | |
".netrc") | |
else: | |
raise IOError( | |
"specify file to load or set $HOME") | |
self.__hosts = {} | |
self.__macros = {} | |
fp = open(filename, "r") | |
in_macro = 0 | |
macro_name = None | |
macro_lines = [] | |
while 1: | |
line = _read_line(fp) | |
if not line: break | |
if in_macro and line.strip(): | |
macro_lines.append(line) | |
continue | |
elif in_macro: | |
self.__macros[macro_name] = tuple(macro_lines) | |
in_macro = 0 | |
words = line.split() | |
host = user = passwd = acct = None | |
default = 0 | |
i = 0 | |
while i < len(words): | |
w1 = words[i] | |
if i+1 < len(words): | |
w2 = words[i + 1] | |
else: | |
w2 = None | |
if w1 == 'default': | |
default = 1 | |
elif w1 == 'machine' and w2: | |
host = w2.lower() | |
i = i + 1 | |
elif w1 == 'login' and w2: | |
user = w2 | |
i = i + 1 | |
elif w1 == 'password' and w2: | |
passwd = w2 | |
i = i + 1 | |
elif w1 == 'account' and w2: | |
acct = w2 | |
i = i + 1 | |
elif w1 == 'macdef' and w2: | |
macro_name = w2 | |
macro_lines = [] | |
in_macro = 1 | |
break | |
i = i + 1 | |
if default: | |
self.__defuser = user or self.__defuser | |
self.__defpasswd = passwd or self.__defpasswd | |
self.__defacct = acct or self.__defacct | |
if host: | |
if host in self.__hosts: | |
ouser, opasswd, oacct = \ | |
self.__hosts[host] | |
user = user or ouser | |
passwd = passwd or opasswd | |
acct = acct or oacct | |
self.__hosts[host] = user, passwd, acct | |
fp.close() | |
def get_hosts(self): | |
"""Return a list of hosts mentioned in the .netrc file.""" | |
return list(self.__hosts.keys()) | |
def get_account(self, host): | |
"""Returns login information for the named host. | |
The return value is a triple containing userid, | |
password, and the accounting field. | |
""" | |
host = host.lower() | |
user = passwd = acct = None | |
if host in self.__hosts: | |
user, passwd, acct = self.__hosts[host] | |
user = user or self.__defuser | |
passwd = passwd or self.__defpasswd | |
acct = acct or self.__defacct | |
return user, passwd, acct | |
def get_macros(self): | |
"""Return a list of all defined macro names.""" | |
return list(self.__macros.keys()) | |
def get_macro(self, macro): | |
"""Return a sequence of lines which define a named macro.""" | |
return self.__macros[macro] | |
def test(): | |
'''Test program. | |
Usage: ftp [-d] [-r[file]] host [-l[dir]] [-d[dir]] [-p] [file] ... | |
-d dir | |
-l list | |
-p password | |
''' | |
if len(sys.argv) < 2: | |
print(test.__doc__) | |
sys.exit(0) | |
debugging = 0 | |
rcfile = None | |
while sys.argv[1] == '-d': | |
debugging = debugging+1 | |
del sys.argv[1] | |
if sys.argv[1][:2] == '-r': | |
# get name of alternate ~/.netrc file: | |
rcfile = sys.argv[1][2:] | |
del sys.argv[1] | |
host = sys.argv[1] | |
ftp = FTP(host) | |
ftp.set_debuglevel(debugging) | |
userid = passwd = acct = '' | |
try: | |
netrc = Netrc(rcfile) | |
except IOError: | |
if rcfile is not None: | |
sys.stderr.write("Could not open account file" | |
" -- using anonymous login.") | |
else: | |
try: | |
userid, passwd, acct = netrc.get_account(host) | |
except KeyError: | |
# no account for host | |
sys.stderr.write( | |
"No account -- using anonymous login.") | |
ftp.login(userid, passwd, acct) | |
for file in sys.argv[2:]: | |
if file[:2] == '-l': | |
ftp.dir(file[2:]) | |
elif file[:2] == '-d': | |
cmd = 'CWD' | |
if file[2:]: cmd = cmd + ' ' + file[2:] | |
ftp.sendcmd(cmd) | |
elif file == '-p': | |
ftp.set_pasv(not ftp.passiveserver) | |
else: | |
ftp.retrbinary('RETR ' + file, \ | |
sys.stdout.write, 1024) | |
ftp.quit() | |
if __name__ == '__main__': | |
test() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment