RubyGems - ftpd - Versions diffs - 0.4.0 → 0.5.0 - Mend

ftpd 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

data/Changelog.md +33 -0
data/Gemfile +1 -0
data/Gemfile.lock +5 -0
data/README.md +29 -30
data/VERSION +1 -1
data/config/cucumber.yml +2 -0
data/doc/benchmarks.md +92 -0
data/doc/references.md +39 -12
data/doc/rfc-compliance.md +6 -6
data/examples/example.rb +21 -0
data/features/ftp_server/command_errors.feature +0 -1
data/features/ftp_server/logging.feature +11 -0
data/features/ftp_server/port.feature +15 -0
data/features/ftp_server/status.feature +19 -0
data/features/ftp_server/step_definitions/logging.rb +8 -0
data/features/ftp_server/step_definitions/test_server.rb +19 -2
data/features/ftp_server/timeout.feature +26 -0
data/features/step_definitions/error_replies.rb +5 -0
data/features/step_definitions/status.rb +17 -0
data/features/step_definitions/timeout.rb +11 -0
data/features/support/test_client.rb +13 -1
data/features/support/test_server.rb +23 -9
data/ftpd.gemspec +18 -5
data/lib/ftpd.rb +3 -0
data/lib/ftpd/ftp_server.rb +52 -18
data/lib/ftpd/null_logger.rb +22 -0
data/lib/ftpd/server.rb +11 -2
data/lib/ftpd/session.rb +71 -25
data/lib/ftpd/telnet.rb +119 -0
data/rake_tasks/cucumber.rake +0 -1
data/spec/null_logger_spec.rb +24 -0
data/spec/telnet_spec.rb +75 -0
metadata +32 -6
data/features/ftp_server/debug.feature +0 -17
data/features/ftp_server/step_definitions/debug.rb +0 -8

data/features/ftp_server/command_errors.feature CHANGED

@@ -23,4 +23,3 @@ Feature: Command Errors
       | REST    |
       | SITE    |
       | SMNT    |
-      | STAT    |

data/features/ftp_server/logging.feature ADDED

@@ -0,0 +1,11 @@
+Feature: Logging
+  As a programmer
+  I want to see logging output
+  So that I can fix FTP protocol problems
+  Scenario: Logging enabled
+    Given the test server has logging enabled
+    And the test server is started
+    And a successful login
+    Then the server should have written log output

data/features/ftp_server/port.feature CHANGED

@@ -7,6 +7,21 @@ Feature: Port
   Background:
     Given the test server is started
+  Scenario: Port 1024
+    Given a successful login
+    Then the client successfully sends "PORT 1,2,3,4,4,0"
+  Scenario: Port 1023; low ports disallowed
+    Given the test server disallows low data ports
+    And a successful login
+    When the client sends "PORT 1,2,3,4,3,255"
+    Then the server returns an unimplemented parameter error
+  Scenario: Port 1023; low ports allowed
+    Given the test server allows low data ports
+    And a successful login
+    Then the client successfully sends "PORT 1,2,3,4,3,255"
   Scenario: Not logged in
     Given a successful connection
     When the client sends PORT "1,2,3,4,5,6"

data/features/ftp_server/status.feature ADDED

@@ -0,0 +1,19 @@
+Feature: Status
+  As a client
+  I want server status
+  To know what state the server is in
+  Background:
+    Given the test server is started
+  Scenario: Not logged in
+    Given a successful connection
+    When the client requests status
+    Then the server returns a not logged in error
+  Scenario: Server status
+    Given a successful login
+    When the client successfully requests status
+    Then the server returns its name
+    And the server returns its version

data/features/ftp_server/step_definitions/logging.rb ADDED

@@ -0,0 +1,8 @@
+Then /^the server should have written( no)? log output$/ do |neg|
+  method = if neg
+             :should
+           else
+             :should_not
+           end
+  server.log_output.send(method) == ''
+end

data/features/ftp_server/step_definitions/test_server.rb CHANGED

@@ -10,8 +10,8 @@ Given /^the test server has TLS mode "(\w+)"$/ do |mode|
   server.tls = mode.to_sym
 end
-Given /^the test server has debug (enabled|disabled)$/ do |state|
-  server.debug = state == 'enabled'
+Given /^the test server has logging (enabled|disabled)$/ do |state|
+  server.logging = state == 'enabled'
 end
 Given /^the test server lacks (\w+)$/ do |feature|
@@ -22,3 +22,20 @@ Given /^the test server has auth level "(.*?)"$/ do |auth_level|
   auth_level = Ftpd.const_get(auth_level)
   server.auth_level = auth_level
 end
+Given /^the test server has session timeout set to (\S+) seconds$/ do
+|timeout|
+  server.session_timeout = timeout.to_f
+end
+Given /^the test server has session timeout disabled$/ do
+  server.session_timeout = nil
+end
+Given /^the test server disallows low data ports$/ do
+  server.allow_low_data_ports = false
+end
+Given /^the test server allows low data ports$/ do
+  server.allow_low_data_ports = true
+end

data/features/ftp_server/timeout.feature ADDED

@@ -0,0 +1,26 @@
+Feature: Port
+  As a programmer
+  I want idle sessions to timeout and disconnect
+  So that I can claim RFC compliance
+  Scenario: Session idle too long
+    Given the test server has session timeout set to 0.5 seconds
+    And the test server is started
+    And a successful login
+    When the client is idle for 0.6 seconds
+    Then the client is not connected
+  Scenario: Session not idle too long
+    Given the test server has session timeout set to 0.5 seconds
+    And the test server is started
+    And a successful login
+    When the client is idle for 0 seconds
+    Then the client is connected
+  Scenario: Timeout disabled
+    Given the test server has session timeout disabled
+    And the test server is started
+    And a successful login
+    When the client is idle for 0.6 seconds
+    Then the client is connected

data/features/step_definitions/error_replies.rb CHANGED

@@ -73,6 +73,11 @@ Then /^the server returns a format not implemented error$/ do
   step 'the server returns a "504 Format not implemented" error'
 end
+Then /^the server returns an unimplemented parameter error$/ do
+  step('the server returns a "504 Command not '\
+       'implemented for that parameter" error')
+end
 Then /^the server returns a command unrecognized error$/ do
   step 'the server returns a "500 Syntax error, command unrecognized" error'
 end

data/features/step_definitions/status.rb ADDED

@@ -0,0 +1,17 @@
+When /^the client successfully requests status$/ do
+  @status = @client.status
+end
+When /^the client requests status$/ do
+  capture_error do
+    step 'the client successfully requests status'
+  end
+end
+Then /^the server returns its name$/ do
+  @status.should include @server.server_name
+end
+Then /^the server returns its version$/ do
+  @status.should =~ /\b\d+\.\d+\.\d+\b/
+end

data/features/step_definitions/timeout.rb ADDED

@@ -0,0 +1,11 @@
+When /^the client is idle for (\S+) seconds$/ do |seconds|
+  sleep seconds.to_f
+end
+Then /^the client is connected$/ do
+  @client.should be_connected
+end
+Then /^the client is not connected$/ do
+  @client.should_not be_connected
+end

data/features/support/test_client.rb CHANGED

@@ -30,9 +30,10 @@ class TestClient
   :noop,
   :passive=,
   :pwd,
+  :quit,
   :rename,
   :rmdir,
-  :quit,
+  :status,
   :system
   def raw(*command)
@@ -91,6 +92,17 @@ class TestClient
     end
   end
+  def connected?
+    begin
+      @ftp.noop
+      true
+    rescue Net::FTPTempError => e
+      !!e.to_s =~ /^421/
+    rescue EOFError
+      false
+    end
+  end
   private
   RAW_METHOD_REGEX = /^send_(.*)$/

data/features/support/test_server.rb CHANGED

@@ -1,5 +1,6 @@
 require 'fileutils'
 require 'forwardable'
+require 'stringio'
 require 'tempfile'
 require File.expand_path('test_server_files',
@@ -202,22 +203,24 @@ class TestServer
   include Ftpd::InsecureCertificate
   include TestServerFiles
+  attr_writer :logging
   def initialize
     @temp_dir = Ftpd::TempDir.make
-    @debug_file = Tempfile.new('ftp-server-debug-output')
-    @debug_file.close
+    @log_device = StringIO.new
     @driver = TestServerDriver.new(@temp_dir)
     @server = Ftpd::FtpServer.new(@driver)
     @server.certfile_path = insecure_certfile_path
-    @server.debug_path = @debug_file.path
     @templates = TestFileTemplates.new
-    self.debug = false
     self.tls = :off
   end
+  def_delegator :@server, :'allow_low_data_ports='
   def_delegator :@server, :'auth_level'
   def_delegator :@server, :'auth_level='
-  def_delegator :@server, :'debug='
+  def_delegator :@server, :'server_name'
+  def_delegator :@server, :'server_name='
+  def_delegator :@server, :'session_timeout='
   def_delegator :@server, :'tls='
   def_delegator :@driver, :'append='
@@ -229,7 +232,12 @@ class TestServer
   def_delegator :@driver, :'rename='
   def_delegator :@driver, :'write='
+  def log_output
+    @log_device.string
+  end
   def start
+    @server.log = make_log
     @server.start
   end
@@ -237,10 +245,6 @@ class TestServer
     @server.stop
   end
-  def debug_output
-    IO.read(@debug_file.path)
-  end
   def host
     'localhost'
   end
@@ -271,4 +275,14 @@ class TestServer
     @temp_dir
   end
+  def make_log
+    if @logging
+      Logger.new(@log_device)
+    elsif ENV['FTPD_DEBUG'].to_i != 0
+      Logger.new($stdout)
+    else
+      nil
+    end
+  end
 end

data/ftpd.gemspec CHANGED

@@ -5,12 +5,12 @@
 Gem::Specification.new do |s|
   s.name = "ftpd"
-  s.version = "0.4.0"
+  s.version = "0.5.0"
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Wayne Conrad"]
-  s.date = "2013-03-06"
-  s.description = "ftpd is a pure Ruby FTP server library.  It supports implicit and explicit TLS, passive and active mode, and most of the commands specified in RFC 969.  It an be used as part of a test fixture or embedded in a program."
+  s.date = "2013-03-10"
+  s.description = "ftpd is a pure Ruby FTP server library.  It supports implicit and explicit TLS, passive and active mode, and is unconditionally complaint per RFC-1123.  It an be used as part of a test fixture or embedded in a program."
   s.email = "wconrad@yagni.com"
   s.extra_rdoc_files = [
     "LICENSE.md",
@@ -25,6 +25,8 @@ Gem::Specification.new do |s|
     "README.md",
     "Rakefile",
     "VERSION",
+    "config/cucumber.yml",
+    "doc/benchmarks.md",
     "doc/references.md",
     "doc/rfc-compliance.md",
     "examples/example.rb",
@@ -38,7 +40,6 @@ Gem::Specification.new do |s|
     "features/ftp_server/cdup.feature",
     "features/ftp_server/command_errors.feature",
     "features/ftp_server/concurrent_sessions.feature",
-    "features/ftp_server/debug.feature",
     "features/ftp_server/delete.feature",
     "features/ftp_server/directory_navigation.feature",
     "features/ftp_server/file_structure.feature",
@@ -49,6 +50,7 @@ Gem::Specification.new do |s|
     "features/ftp_server/invertability.feature",
     "features/ftp_server/list.feature",
     "features/ftp_server/list_tls.feature",
+    "features/ftp_server/logging.feature",
     "features/ftp_server/login_auth_level_account.feature",
     "features/ftp_server/login_auth_level_password.feature",
     "features/ftp_server/login_auth_level_user.feature",
@@ -64,10 +66,12 @@ Gem::Specification.new do |s|
     "features/ftp_server/quit.feature",
     "features/ftp_server/rename.feature",
     "features/ftp_server/rmdir.feature",
-    "features/ftp_server/step_definitions/debug.rb",
+    "features/ftp_server/status.feature",
+    "features/ftp_server/step_definitions/logging.rb",
     "features/ftp_server/step_definitions/test_server.rb",
     "features/ftp_server/syntax_errors.feature",
     "features/ftp_server/syst.feature",
+    "features/ftp_server/timeout.feature",
     "features/ftp_server/type.feature",
     "features/step_definitions/append.rb",
     "features/step_definitions/client.rb",
@@ -97,9 +101,11 @@ Gem::Specification.new do |s|
     "features/step_definitions/rename.rb",
     "features/step_definitions/rmdir.rb",
     "features/step_definitions/server_files.rb",
+    "features/step_definitions/status.rb",
     "features/step_definitions/stop_server.rb",
     "features/step_definitions/success_replies.rb",
     "features/step_definitions/system.rb",
+    "features/step_definitions/timeout.rb",
     "features/step_definitions/type.rb",
     "features/support/env.rb",
     "features/support/example_server.rb",
@@ -125,9 +131,11 @@ Gem::Specification.new do |s|
     "lib/ftpd/insecure_certificate.rb",
     "lib/ftpd/list_format/eplf.rb",
     "lib/ftpd/list_format/ls.rb",
+    "lib/ftpd/null_logger.rb",
     "lib/ftpd/read_only_disk_file_system.rb",
     "lib/ftpd/server.rb",
     "lib/ftpd/session.rb",
+    "lib/ftpd/telnet.rb",
     "lib/ftpd/temp_dir.rb",
     "lib/ftpd/tls_server.rb",
     "lib/ftpd/translate_exceptions.rb",
@@ -144,7 +152,9 @@ Gem::Specification.new do |s|
     "spec/file_system_error_translator_spec.rb",
     "spec/list_format/eplf_spec.rb",
     "spec/list_format/ls_spec.rb",
+    "spec/null_logger_spec.rb",
     "spec/spec_helper.rb",
+    "spec/telnet_spec.rb",
     "spec/translate_exceptions_spec.rb"
   ]
   s.homepage = "http://github.com/wconrad/ftpd"
@@ -160,6 +170,7 @@ Gem::Specification.new do |s|
       s.add_runtime_dependency(%q<memoizer>, ["~> 1.0.1"])
       s.add_development_dependency(%q<cucumber>, [">= 0"])
       s.add_development_dependency(%q<double-bag-ftps>, [">= 0"])
+      s.add_development_dependency(%q<fuubar-cucumber>, [">= 0"])
       s.add_development_dependency(%q<jeweler>, [">= 0"])
       s.add_development_dependency(%q<rake>, [">= 0"])
       s.add_development_dependency(%q<redcarpet>, [">= 0"])
@@ -170,6 +181,7 @@ Gem::Specification.new do |s|
       s.add_dependency(%q<memoizer>, ["~> 1.0.1"])
       s.add_dependency(%q<cucumber>, [">= 0"])
       s.add_dependency(%q<double-bag-ftps>, [">= 0"])
+      s.add_dependency(%q<fuubar-cucumber>, [">= 0"])
       s.add_dependency(%q<jeweler>, [">= 0"])
       s.add_dependency(%q<rake>, [">= 0"])
       s.add_dependency(%q<redcarpet>, [">= 0"])
@@ -181,6 +193,7 @@ Gem::Specification.new do |s|
     s.add_dependency(%q<memoizer>, ["~> 1.0.1"])
     s.add_dependency(%q<cucumber>, [">= 0"])
     s.add_dependency(%q<double-bag-ftps>, [">= 0"])
+    s.add_dependency(%q<fuubar-cucumber>, [">= 0"])
     s.add_dependency(%q<jeweler>, [">= 0"])
     s.add_dependency(%q<rake>, [">= 0"])
     s.add_dependency(%q<redcarpet>, [">= 0"])

data/lib/ftpd.rb CHANGED

@@ -1,4 +1,5 @@
 require 'fileutils'
+require 'logger'
 require 'memoizer'
 require 'openssl'
 require 'pathname'
@@ -20,9 +21,11 @@ module Ftpd
   autoload :FileSystemMethodMissing,   'ftpd/file_system_method_missing'
   autoload :FtpServer,                 'ftpd/ftp_server'
   autoload :InsecureCertificate,       'ftpd/insecure_certificate'
+  autoload :NullLogger,                'ftpd/null_logger'
   autoload :ReadOnlyDiskFileSystem,    'ftpd/read_only_disk_file_system'
   autoload :Server,                    'ftpd/server'
   autoload :Session,                   'ftpd/session'
+  autoload :Telnet,                    'ftpd/telnet'
   autoload :TempDir,                   'ftpd/temp_dir'
   autoload :TlsServer,                 'ftpd/tls_server'
   autoload :TranslateExceptions,       'ftpd/translate_exceptions'

data/lib/ftpd/ftp_server.rb CHANGED

@@ -3,19 +3,8 @@
 module Ftpd
   class FtpServer < TlsServer
-    # If truthy, emit debug information (such as replies received and
-    # responses sent) to the file named by #debug_path.
-    #
-    # Change to this attribute only take effect for new sessions.
-    attr_accessor :debug
-    # The path to which to write debug information.  Defaults to
-    # '/dev/stdout'
-    #
-    # Change to this attribute only take effect for new sessions.
-    attr_accessor :debug_path
+    DEFAULT_SERVER_NAME = 'wconrad/ftpd'
+    DEFAULT_SESSION_TIMEOUT = 300 # seconds
     # The number of seconds to delay before replying.  This is for
     # testing, when you need to test, for example, client timeouts.
@@ -39,6 +28,37 @@ module Ftpd
     attr_accessor :auth_level
+    # The session timeout.  When a session is awaiting a command, if
+    # one is not received in this many seconds, the session is
+    # disconnected.  Defaults to {DEFAULT_SESSION_TIMEOUT}.  If nil,
+    # then timeout is disabled.
+    # @return [Numeric]
+    attr_accessor :session_timeout
+    # The server's name, sent in a STAT reply.  Defaults to
+    # {DEFAULT_SERVER_NAME}.
+    attr_accessor :server_name
+    # The server's version, sent in a STAT reply.  Defaults to the
+    # contents of the VERSION file.
+    attr_accessor :server_version
+    # The logger.  Defaults to nil (no logging).
+    # @return [Logger]
+    attr_accessor :log
+    # Allow PORT command to specify data ports below 1024.  Defaults
+    # to false.  Setting this to true makes it easier for an attacker
+    # to use the server to attack another server.  See RFC 2577
+    # section 3.
+    # @return [Boolean]
+    attr_accessor :allow_low_data_ports
     # Create a new FTP server.  The server won't start until the
     # #start method is called.
     #
@@ -52,11 +72,14 @@ module Ftpd
     def initialize(driver)
       super()
       @driver = driver
-      @debug_path = '/dev/stdout'
-      @debug = false
       @response_delay = 0
       @list_formatter = ListFormat::Ls
       @auth_level = AUTH_PASSWORD
+      @session_timeout = 300
+      @server_name = DEFAULT_SERVER_NAME
+      @server_version = read_version_file
+      @allow_low_data_ports = false
+      @log = nil
     end
     private
@@ -64,12 +87,23 @@ module Ftpd
     def session(socket)
       Session.new(:socket => socket,
                   :driver => @driver,
-                  :debug => @debug,
-                  :debug_path => debug_path,
                   :list_formatter => @list_formatter,
                   :response_delay => response_delay,
                   :tls => @tls,
-                  :auth_level => @auth_level).run
+                  :auth_level => @auth_level,
+                  :session_timeout => @session_timeout,
+                  :server_name => @server_name,
+                  :server_version => @server_version,
+                  :log => log,
+                  :allow_low_data_ports => allow_low_data_ports).run
+    end
+    def read_version_file
+      File.open(version_file_path, 'r', &:read).strip
+    end
+    def version_file_path
+      File.expand_path('../../VERSION', File.dirname(__FILE__))
     end
   end