ftpd 0.5.0 → 0.6.0

data/lib/ftpd/server.rb

@@ -5,14 +5,20 @@ module Ftpd
 
     # The interface to bind to (e.g. "127.0.0.1", "0.0.0.0",
     # "10.0.0.12", etc.).  Defaults to "localhost"
-    # Changes made after #start have no effect.
+    #
+    # Set this before calling #start.
+    #
+    # @return [String]
 
     attr_accessor :interface
 
     # The port to bind to.  Defaults to 0, which causes an ephemeral
     # port to be used.  When bound to an ephemeral port, use
     # #bound_port to find out which port was actually bound to.
-    # Changes made after #start have no effect.
+    #
+    # Set this before calling #start.
+    #
+    # @return [String]
 
     attr_accessor :port
 
@@ -23,6 +29,8 @@ module Ftpd
 
     # The port the server is bound to.  Must not be called until after
     # #start is called.
+    #
+    # @return [Integer]
 
     def bound_port
       @server_socket.addr[1]
@@ -61,7 +69,7 @@ module Ftpd
               sleep(0.2)
               retry
             end
-            start_session_thread socket
+            start_session socket
           rescue IOError
             break
           end
@@ -69,6 +77,22 @@ module Ftpd
       end
     end
 
+    def start_session(socket)
+      if allow_session?(socket)
+        start_session_thread socket
+      else
+        deny_session socket
+        close_socket socket
+      end
+    end
+
+    def allow_session?(socket)
+      true
+    end
+
+    def deny_session socket
+    end
+
     def start_session_thread(socket)
       Thread.new do
         begin

data/lib/ftpd/session.rb

@@ -6,6 +6,9 @@ module Ftpd
     include Error
 
     def initialize(opts)
+      @failed_login_delay = opts[:failed_login_delay]
+      @connection_tracker = opts[:connection_tracker]
+      @max_failed_logins = opts[:max_failed_logins]
       @log = opts[:log] || NullLogger.new
       @allow_low_data_ports = opts[:allow_low_data_ports]
       @server_name = opts[:server_name]
@@ -14,41 +17,38 @@ module Ftpd
       @auth_level = opts[:auth_level]
       @socket = opts[:socket]
       @tls = opts[:tls]
+      @list_formatter = opts[:list_formatter]
+      @response_delay = opts[:response_delay]
+      @session_timeout = opts[:session_timeout]
       if @tls == :implicit
         @socket.encrypt
       end
-      @name_prefix = '/'
-      @list_formatter = opts[:list_formatter]
-      @data_type = 'A'
-      @mode = 'S'
-      @structure = 'F'
-      @response_delay = opts[:response_delay]
-      @data_channel_protection_level = :clear
       @command_sequence_checker = init_command_sequence_checker
-      @session_timeout = opts[:session_timeout]
-      @logged_in = false
       set_socket_options
+      initialize_session
     end
 
     def run
-      reply "220 ftpd"
       catch :done do
-        loop do
-          begin
-            s = get_command
-            s = process_telnet_sequences(s)
-            syntax_error unless s =~ /^(\w+)(?: (.*))?$/
-            command, argument = $1.downcase, $2
-            method = 'cmd_' + command
-            unless respond_to?(method, true)
-              unrecognized_error s
+        begin
+          reply "220 #{server_name_and_version}"
+          loop do
+            begin
+              s = get_command
+              s = process_telnet_sequences(s)
+              syntax_error unless s =~ /^(\w+)(?: (.*))?$/
+              command, argument = $1.downcase, $2
+              method = 'cmd_' + command
+              unless respond_to?(method, true)
+                unrecognized_error s
+              end
+              @command_sequence_checker.check command
+              send(method, argument)
+            rescue CommandError => e
+              reply e.message
             end
-            @command_sequence_checker.check command
-            send(method, argument)
-          rescue CommandError => e
-            reply e.message
-          rescue Errno::ECONNRESET, Errno::EPIPE
           end
+        rescue Errno::ECONNRESET, Errno::EPIPE
         end
       end
     end
@@ -465,7 +465,7 @@ module Ftpd
     def cmd_stat(argument)
       ensure_logged_in
       syntax_error if argument
-      reply "211 #{@server_name} #{@server_version}"
+      reply "211 #{server_name_and_version}"
     end
 
     def self.unimplemented(command)
@@ -476,12 +476,38 @@ module Ftpd
       private method_name
     end
 
+    def cmd_feat(argument)
+      syntax_error if argument
+      reply '211-Extensions supported:'
+      extensions.each do |extension|
+        reply " #{extension}"
+      end
+      reply '211 END'
+    end
+
+    def cmd_opts(argument)
+      syntax_error unless argument
+      error '501 Unsupported option'
+    end
+
     unimplemented :abor
     unimplemented :rein
     unimplemented :rest
     unimplemented :site
     unimplemented :smnt
 
+    def extensions
+      [
+        (TLS_EXTENSIONS if tls_enabled?)
+      ].flatten.compact
+    end
+
+    TLS_EXTENSIONS = [
+      'AUTH TLS',
+      'PBSZ',
+      'PROT'
+    ]
+
     def supported_commands
       private_methods.map do |method|
         method.to_s[/^cmd_(\w+)$/, 1]
@@ -754,11 +780,13 @@ module Ftpd
 
     def login(*auth_tokens)
       unless authenticate(*auth_tokens)
+        failed_auth
         error "530 Login incorrect"
       end
       reply "230 Logged in"
       set_file_system @driver.file_system(@user)
       @logged_in = true
+      reset_failed_auths
     end
 
     def set_socket_options
@@ -782,5 +810,36 @@ module Ftpd
       telnet.plain
     end
 
+    def reset_failed_auths
+      @failed_auths = 0
+    end
+
+    def failed_auth
+      @failed_auths += 1
+      sleep @failed_login_delay
+      if @max_failed_logins && @failed_auths >= @max_failed_logins
+        reply "421 server unavailable"
+        throw :done
+      end
+    end
+
+    def initialize_session
+      @logged_in = false
+      @data_type = 'A'
+      @mode = 'S'
+      @structure = 'F'
+      @name_prefix = '/'
+      @data_channel_protection_level = :clear
+      @data_hostname = nil
+      @data_port = nil
+      @protection_buffer_size_set = 0
+      close_data_server_socket
+      reset_failed_auths
+    end
+
+    def server_name_and_version
+      "#{@server_name} #{@server_version}"
+    end
+
   end
 end

data/lib/ftpd/tls_server.rb

@@ -8,15 +8,21 @@ module Ftpd
     # * :explicit
     # * :implicit
     #
-    # Defaults to :off
+    # Notes:
+    # * Defaults to :off
+    # * Set this before calling #start.
+    # * If other than :off, then #certfile_path must be set.
     #
-    # Changes made after #start have no effect.  If TLS is enabled,
-    # then #certfile_path must be set.
+    # @return [Symbol]
 
     attr_accessor :tls
 
-    # The path of the SSL certificate to use for TLS.
-    # Changes made after #start have no effect.
+    # The path of the SSL certificate to use for TLS.  Defaults to nil
+    # (no SSL certificate).
+    #
+    # Set this before calling #start.
+    #
+    # @return [String]
 
     attr_accessor :certfile_path
 

data/rake_tasks/cucumber.rake

@@ -2,6 +2,7 @@ require 'cucumber/rake/task'
 
 Cucumber::Rake::Task.new 'test:features' do |t|
   t.fork = true
+  t.cucumber_opts = '--format progress'
 end
 
 task 'test:cucumber' => ['test:features']

data/rake_tasks/jeweler.rake

@@ -6,7 +6,7 @@ README_PATH = File.expand_path('../README.md', File.dirname(__FILE__))
 
 def extract_description_from_readme
   readme = File.open(README_PATH, 'r', &:read)
-  s = readme[/^# FTPD\n+((?:.*\n)+?)\n*##/, 1]
+  s = readme[/^# FTPD\n+((?:.*\n)+?)\n*##/i, 1]
   s.gsub(/\n/, ' ').strip
 end
 

data/spec/connection_throttle_spec.rb

@@ -0,0 +1,96 @@
+require File.expand_path('spec_helper', File.dirname(__FILE__))
+
+module Ftpd
+
+  describe ConnectionThrottle do
+
+    let(:socket) {mock TCPSocket}
+    let(:connections) {0}
+    let(:connections_for_socket) {0}
+    let(:connection_tracker) do
+      mock ConnectionTracker, :connections => connections
+    end
+    subject(:connection_throttle) do
+      ConnectionThrottle.new(connection_tracker)
+    end
+
+    before(:each) do
+      connection_tracker.stub(:connections => connections)
+      connection_tracker.stub(:connections_for).with(socket).and_return(connections_for_socket)
+    end
+
+    it 'should have defaults' do
+      connection_throttle.max_connections.should be_nil
+      connection_throttle.max_connections_per_ip.should be_nil
+    end
+
+    describe '#allow?' do
+
+      context '(total connections)' do
+        
+        let(:max_connections) {50}
+
+        before(:each) do
+          connection_throttle.max_connections = max_connections
+          connection_throttle.max_connections_per_ip = 2 * max_connections
+        end
+
+        context 'almost at maximum connections' do
+          let(:connections) {max_connections - 1}
+          specify {connection_throttle.allow?(socket).should be_true}
+        end
+
+        context 'at maximum connections' do
+          let(:connections) {max_connections}
+          specify {connection_throttle.allow?(socket).should be_false}
+        end
+
+        context 'above maximum connections' do
+          let(:connections) {max_connections + 1}
+          specify {connection_throttle.allow?(socket).should be_false}
+        end
+
+      end
+
+      context '(per ip)' do
+        
+        let(:max_connections_per_ip) {5}
+
+        before(:each) do
+          connection_throttle.max_connections = 2 * max_connections_per_ip
+          connection_throttle.max_connections_per_ip = max_connections_per_ip
+        end
+
+        context 'almost at maximum connections for ip' do
+          let(:connections_for_socket) {max_connections_per_ip - 1}
+          specify {connection_throttle.allow?(socket).should be_true}
+        end
+
+        context 'at maximum connections for ip' do
+          let(:connections_for_socket) {max_connections_per_ip}
+          specify {connection_throttle.allow?(socket).should be_false}
+        end
+
+        context 'above maximum connections for ip' do
+          let(:connections_for_socket) {max_connections_per_ip + 1}
+          specify {connection_throttle.allow?(socket).should be_false}
+        end
+
+      end
+
+    end
+
+    describe '#deny' do
+      
+      let(:socket) {StringIO.new}
+
+      it 'should send a "too many connections" message' do
+        connection_throttle.deny socket
+        socket.string.should == "421 Too many connections\r\n"
+      end
+
+    end
+
+  end
+
+end

data/spec/connection_tracker_spec.rb

@@ -0,0 +1,126 @@
+require File.expand_path('spec_helper', File.dirname(__FILE__))
+
+module Ftpd
+
+  describe ConnectionTracker do
+
+    before(:all) do
+      Thread.abort_on_exception = true
+    end    
+
+    # Create a mock socket with the given peer address
+
+    def socket_bound_to(source_ip)
+      socket = mock TCPSocket
+      peeraddr = Socket.pack_sockaddr_in(0, source_ip)
+      socket.stub :getpeername => peeraddr
+      socket
+    end
+
+    # Since the connection tracker only keeps track of a connection
+    # until the block to which it yields returns, we need a way to
+    # keep a block active.
+
+    class Connector
+
+      def initialize(connection_tracker)
+        @connection_tracker = connection_tracker
+        @tracked = Queue.new
+        @end_session = Queue.new
+        @session_ended = Queue.new
+      end
+
+      # Start tracking a connection.  Does not return until it is
+      # being tracked.
+
+      def start_session(socket)
+        Thread.new do
+          @connection_tracker.track(socket) do
+            @tracked.enq :go
+            command = @end_session.deq
+            if command == :close
+              socket.stub(:getpeername).and_raise(RuntimeError, "Socket closed")
+            end
+          end
+          @session_ended.enq :go
+        end
+        @tracked.deq
+      end
+
+      # Stop tracking a connection.  Does not return until it is no
+      # longer tracked.
+
+      def end_session(command = :normally)
+        @end_session.enq command
+        @session_ended.deq
+      end
+
+    end
+
+    let(:connector) {Connector.new(connection_tracker)}
+    subject(:connection_tracker) {ConnectionTracker.new}
+
+    describe '#connections' do
+
+      let(:socket) {socket_bound_to('127.0.0.1')}
+
+      context '(session ends normally)' do
+
+        it 'should track the total number of connection' do
+          connection_tracker.connections.should == 0
+          connector.start_session socket
+          connection_tracker.connections.should == 1
+          connector.end_session
+          connection_tracker.connections.should == 0
+        end
+
+      end
+
+      context '(socket disconnected during session)' do
+
+        it 'should track the total number of connection' do
+          connection_tracker.connections.should == 0
+          connector.start_session socket
+          connection_tracker.connections.should == 1
+          connector.end_session :close
+          connection_tracker.connections.should == 0
+        end
+
+      end
+
+    end
+
+    describe '#connections_for' do
+
+      it 'should track the number of connections for an ip' do
+        socket1 = socket_bound_to('127.0.0.1')
+        socket2 = socket_bound_to('127.0.0.2')
+        connection_tracker.connections_for(socket1).should == 0
+        connection_tracker.connections_for(socket2).should == 0
+        connector.start_session socket1
+        connection_tracker.connections_for(socket1).should == 1
+        connection_tracker.connections_for(socket2).should == 0
+        connector.end_session
+        connection_tracker.connections_for(socket1).should == 0
+        connection_tracker.connections_for(socket2).should == 0
+      end
+
+    end
+
+    describe '#known_ip_count' do
+
+      let(:socket) {socket_bound_to('127.0.0.1')}
+
+      it 'should forget about an IP that has no connection' do
+        connection_tracker.known_ip_count.should == 0
+        connector.start_session socket
+        connection_tracker.known_ip_count.should == 1
+        connector.end_session
+        connection_tracker.known_ip_count.should == 0
+      end
+
+    end
+
+  end
+
+end