investtools-ftpd 1.0.1

data/lib/ftpd/config.rb

@@ -0,0 +1,13 @@
+module Ftpd
+  class Config
+
+    # The number of seconds to delay before replying.  This is for
+    # testing client timeouts.
+    # Defaults to 0 (no delay).
+    #
+    # Change to this attribute only take effect for new sessions.
+
+    attr_accessor :response_delay
+
+  end
+end

data/lib/ftpd/connection_throttle.rb

@@ -0,0 +1,56 @@
+module Ftpd
+
+  # This class limits the number of connections
+
+  class ConnectionThrottle
+
+    DEFAULT_MAX_CONNECTIONS = nil
+    DEFAULT_MAX_CONNECTIONS_PER_IP = nil
+
+    # The maximum number of connections, or nil if there is no limit.
+    # @return [Integer]
+
+    attr_accessor :max_connections
+
+    # The maximum number of connections for an IP, or nil if there is
+    # no limit.
+    # @return [Integer]
+
+    attr_accessor :max_connections_per_ip
+
+    # @param connection_tracker [ConnectionTracker]
+
+    def initialize(connection_tracker)
+      @max_connections = DEFAULT_MAX_CONNECTIONS
+      @max_connections_per_ip = DEFAULT_MAX_CONNECTIONS_PER_IP
+      @connection_tracker = connection_tracker
+    end
+
+    # @return [Boolean] true if the connection should be allowed
+
+    def allow?(socket)
+      allow_by_total_count &&
+        allow_by_ip_count(socket)
+    end
+
+    # Reject a connection
+
+    def deny(socket)
+      socket.write "421 Too many connections\r\n"
+    end
+
+    private
+
+    def allow_by_total_count
+      return true unless @max_connections
+      @connection_tracker.connections < @max_connections
+    end
+
+    def allow_by_ip_count(socket)
+      return true unless @max_connections_per_ip
+      @connection_tracker.connections_for(socket) < @max_connections_per_ip
+    end
+
+  end
+
+end

data/lib/ftpd/connection_tracker.rb

@@ -0,0 +1,82 @@
+require_relative "gets_peer_address"
+
+module Ftpd
+
+  # This class keeps track of connections
+
+  class ConnectionTracker
+
+    include GetsPeerAddress
+
+    def initialize
+      @mutex = Mutex.new
+      @connections = {}
+      @socket_ips ={}
+    end
+
+    # Return the total number of connections
+
+    def connections
+      @mutex.synchronize do
+        @connections.values.inject(0, &:+)
+      end
+    end
+
+    # Return the number of connections for a socket's peer IP
+
+    def connections_for(socket)
+      @mutex.synchronize do
+        ip = peer_ip(socket)
+        @connections[ip] || 0
+      end
+    end
+
+    # Track a connection.  Yields to a block; the connection is
+    # tracked until the block returns.
+
+    def track(socket)
+      start_track socket
+      begin
+        yield
+      ensure
+        stop_track socket
+      end
+    end
+
+    # Start tracking a connection
+
+    def start_track(socket)
+      @mutex.synchronize do
+        ip = peer_ip(socket)
+        @connections[ip] ||= 0
+        @connections[ip] += 1
+        @socket_ips[socket.object_id] = ip
+      end
+    end
+
+    # Stop tracking a connection
+
+    def stop_track(socket)
+      @mutex.synchronize do
+        ip = @socket_ips.delete(socket.object_id)
+        if (@connections[ip] -= 1) == 0
+          @connections.delete(ip)
+        end
+      end
+    end
+
+    # Return the number of known IPs.  This exists for the benefit of
+    # the test, so that it can know the tracker has properly forgotten
+    # about an IP with no connections.
+
+    def known_ip_count
+      @mutex.synchronize do
+        @connections.size
+      end
+    end
+
+    private
+
+  end
+
+end

data/lib/ftpd/data_connection_helper.rb

@@ -0,0 +1,123 @@
+require_relative 'command_handler'
+
+module Ftpd
+
+  module DataConnectionHelper
+
+    def transmit_file(io, data_type = session.data_type)
+      open_data_connection do |data_socket|
+        socket = Ftpd::Stream.new(data_socket, data_type)
+        handle_data_disconnect do
+          socket.write(io)
+        end
+        config.log.debug "Sent #{socket.byte_count} bytes"
+        reply "226 Transfer complete"
+      end
+    end
+
+    def receive_file(path_to_advertise = nil, &block)
+      open_data_connection(path_to_advertise) do |data_socket|
+        socket = Ftpd::Stream.new(data_socket, data_type)
+        handle_data_disconnect do
+          yield socket
+        end
+        config.log.debug "Received #{socket.byte_count} bytes"
+      end
+    end
+
+    def open_data_connection(path_to_advertise = nil, &block)
+      send_start_of_data_connection_reply(path_to_advertise)
+      if data_server
+        if encrypt_data?
+          open_passive_tls_data_connection(&block)
+        else
+          open_passive_data_connection(&block)
+        end
+      else
+        if encrypt_data?
+          open_active_tls_data_connection(&block)
+        else
+          open_active_data_connection(&block)
+        end
+      end
+    end
+
+    def open_passive_tls_data_connection
+      open_passive_data_connection do |socket|
+        make_tls_connection(socket) do |ssl_socket|
+          yield(ssl_socket)
+        end
+      end
+    end
+
+    def open_active_tls_data_connection
+      open_active_data_connection do |socket|
+        make_tls_connection(socket) do |ssl_socket|
+          yield(ssl_socket)
+        end
+      end
+    end
+
+    def open_active_data_connection
+      data_socket = TCPSocket.new(data_hostname, data_port)
+      begin
+        yield(data_socket)
+      ensure
+        data_socket.close
+      end
+    end
+
+    def open_passive_data_connection
+      data_socket = data_server.accept
+      begin
+        yield(data_socket)
+      ensure
+        data_socket.close
+      end
+    end
+
+    def handle_data_disconnect
+      return yield
+    rescue Errno::ECONNRESET, Errno::EPIPE
+      reply "426 Connection closed; transfer aborted."
+    end
+
+    def send_start_of_data_connection_reply(path)
+      if path
+        reply "150 FILE: #{path}"
+      else
+        reply "150 Opening #{data_connection_description}"
+      end
+    end
+
+    def data_connection_description
+      [
+        Session::DATA_TYPES[data_type][0],
+        "mode data connection",
+        ("(TLS)" if encrypt_data?)
+      ].compact.join(' ')
+    end
+
+    def make_tls_connection(data_socket)
+      ssl_socket = OpenSSL::SSL::SSLSocket.new(data_socket, socket.ssl_context)
+      ssl_socket.accept
+      begin
+        yield(ssl_socket)
+      ensure
+        ssl_socket.close
+      end
+    end
+
+    def close_data_server_socket_when_done
+      yield
+    ensure
+      close_data_server_socket
+    end
+
+    def encrypt_data?
+      data_channel_protection_level != :clear
+    end
+
+  end
+
+end

data/lib/ftpd/disk_file_system.rb

@@ -0,0 +1,434 @@
+require_relative 'translate_exceptions'
+
+module Ftpd
+
+  class DiskFileSystem
+
+    # DiskFileSystem mixin for path expansion.  Used by every command
+    # that accesses the disk file system.
+
+    module PathExpansion
+
+      # Set the data directory, the root of the disk file system.
+      # data_dir should be an absolute path.
+
+      def set_data_dir(data_dir)
+        @data_dir = data_dir
+      end
+
+      # Expand an ftp_path to an absolute file system path.
+      #
+      # ftp_path is an absolute path relative to the FTP file system.
+      # The return value is an absolute path relative to the disk file
+      # system.
+
+      def expand_ftp_path(ftp_path)
+        File.expand_path(File.join(@data_dir, ftp_path))
+      end
+
+    end
+  end
+
+  class DiskFileSystem
+
+    # DiskFileSystem mixin providing file attributes.  These are used,
+    # alone or in combination, by nearly every command that accesses the
+    # disk file system.
+
+    module Accessors
+
+      # Return true if the path is accessible to the user.  This will be
+      # called for put, get and directory lists, so the file or
+      # directory named by the path may not exist.
+      # @param ftp_path [String] The virtual path
+      # @return [Boolean]
+
+      def accessible?(ftp_path)
+        # The server should never try to access a path outside of the
+        # directory (such as '../foo'), but if it does, we'll catch it
+        # here.
+        expand_ftp_path(ftp_path).start_with?(@data_dir)
+      end
+
+      # Return true if the file or directory path exists.
+      # @param ftp_path [String] The virtual path
+      # @return [Boolean]
+
+      def exists?(ftp_path)
+        File.exists?(expand_ftp_path(ftp_path))
+      end
+
+      # Return true if the path exists and is a directory.
+      # @param ftp_path [String] The virtual path
+      # @return [Boolean]
+
+      def directory?(ftp_path)
+        File.directory?(expand_ftp_path(ftp_path))
+      end
+
+    end
+  end
+
+  class DiskFileSystem
+
+    # DiskFileSystem mixin for writing files.  Used by Append and Write.
+
+    module FileWriting
+
+      def write_file(ftp_path, stream, mode)
+        File.open(expand_ftp_path(ftp_path), mode) do |file|
+          while line = stream.read
+            file.write line
+          end
+        end
+      end
+
+    end
+
+  end
+
+  class DiskFileSystem
+
+    # DiskFileSystem mixin providing file deletion
+
+    module Delete
+
+      include TranslateExceptions
+
+      # Remove a file.
+      # @param ftp_path [String] The virtual path
+      #
+      # Called for:
+      # * DELE
+      #
+      # If missing, then these commands are not supported.
+
+      def delete(ftp_path)
+        FileUtils.rm expand_ftp_path(ftp_path)
+      end
+      translate_exceptions :delete
+
+    end
+  end
+
+  class DiskFileSystem
+
+    # DiskFileSystem mixin providing file reading
+
+    module Read
+
+      include TranslateExceptions
+
+      # Read a file from disk.
+      # @param ftp_path [String] The virtual path
+      # @yield [io] Passes an IO object to the block
+      #
+      # Called for:
+      # * RETR
+      #
+      # If missing, then these commands are not supported.
+
+      def read(ftp_path, &block)
+        io = File.open(expand_ftp_path(ftp_path), 'rb')
+        begin
+          yield(io)
+        ensure
+          io.close
+        end
+      end
+      translate_exceptions :read
+
+    end
+  end
+
+  class DiskFileSystem
+
+    # DiskFileSystem mixin providing file writing
+
+    module Write
+
+      include FileWriting
+      include TranslateExceptions
+
+      # Write a file to disk.
+      # @param ftp_path [String] The virtual path
+      # @param stream [Ftpd::Stream] Stream that contains the data to write
+      #
+      # Called for:
+      # * STOR
+      # * STOU
+      #
+      # If missing, then these commands are not supported.
+
+      def write(ftp_path, stream)
+        write_file ftp_path, stream, 'wb'
+      end
+      translate_exceptions :write
+
+    end
+  end
+
+  class DiskFileSystem
+
+    # DiskFileSystem mixin providing file appending
+
+    module Append
+
+      include FileWriting
+      include TranslateExceptions
+
+      # Append to a file.  If the file does not exist, create it.
+      # @param ftp_path [String] The virtual path
+      # @param stream [Ftpd::Stream] Stream that contains the data to write
+      #
+      # Called for:
+      # * APPE
+      #
+      # If missing, then these commands are not supported.
+
+      def append(ftp_path, stream)
+        write_file ftp_path, stream, 'ab'
+      end
+      translate_exceptions :append
+
+    end
+  end
+
+  class DiskFileSystem
+
+    # DiskFileSystem mixing providing mkdir
+
+    module Mkdir
+
+      include TranslateExceptions
+
+      # Create a directory.
+      # @param ftp_path [String] The virtual path
+      #
+      # Called for:
+      # * MKD
+      #
+      # If missing, then these commands are not supported.
+
+      def mkdir(ftp_path)
+        Dir.mkdir expand_ftp_path(ftp_path)
+      end
+      translate_exceptions :mkdir
+
+    end
+
+  end
+
+  class DiskFileSystem
+
+    # DiskFileSystem mixing providing mkdir
+
+    module Rmdir
+
+      include TranslateExceptions
+
+      # Remove a directory.
+      # @param ftp_path [String] The virtual path
+      #
+      # Called for:
+      # * RMD
+      #
+      # If missing, then these commands are not supported.
+
+      def rmdir(ftp_path)
+        Dir.rmdir expand_ftp_path(ftp_path)
+      end
+      translate_exceptions :rmdir
+
+    end
+
+  end
+
+  class DiskFileSystem
+
+    # DiskFileSystem mixin providing directory listing
+
+    module List
+
+      include TranslateExceptions
+
+      # Get information about a single file or directory.
+      # @param ftp_path [String] The virtual path
+      # @return [FileInfo]
+      #
+      # Should follow symlinks (per
+      # {http://cr.yp.to/ftp/list/eplf.html}, "lstat() is not a good
+      # idea for FTP directory listings").
+      #
+      # Called for:
+      # * LIST
+      #
+      # If missing, then these commands are not supported.
+
+      def file_info(ftp_path)
+        stat = File.stat(expand_ftp_path(ftp_path))
+        FileInfo.new(:ftype => stat.ftype,
+                     :group => gid_name(stat.gid),
+                     :identifier => identifier(stat),
+                     :mode => stat.mode,
+                     :mtime => stat.mtime,
+                     :nlink => stat.nlink,
+                     :owner => uid_name(stat.uid),
+                     :path => ftp_path,
+                     :size => stat.size)
+      end
+      translate_exceptions :file_info
+
+      # Expand a path that may contain globs into a list of paths of
+      # matching files and directories.
+      # @param ftp_path [String] The virtual path
+      # @return [Array<String>]
+      #
+      # The paths returned are fully qualified, relative to the root
+      # of the virtual file system.
+      # 
+      # For example, suppose these files exist on the physical file
+      # system:
+      #
+      #   /var/lib/ftp/foo/foo
+      #   /var/lib/ftp/foo/subdir/bar
+      #   /var/lib/ftp/foo/subdir/baz
+      #
+      # and that the directory /var/lib/ftp is the root of the virtual
+      # file system.  Then:
+      #
+      #   dir('foo')         # => ['/foo']
+      #   dir('subdir')      # => ['/subdir']
+      #   dir('subdir/*')    # => ['/subdir/bar', '/subdir/baz']
+      #   dir('*')           # => ['/foo', '/subdir']
+      #
+      # Called for:
+      # * LIST
+      # * NLST
+      #
+      # If missing, then these commands are not supported.
+
+      def dir(ftp_path)
+        Dir[expand_ftp_path(ftp_path)].map do |path|
+          path.sub(/^#{@data_dir}/, '')
+        end
+      end
+      translate_exceptions :dir
+
+      private
+
+      def uid_name(uid)
+        Etc.getpwuid(uid).name
+      end
+
+      def gid_name(gid)
+        Etc.getgrgid(gid).name
+      end
+
+      def identifier(stat)
+        [stat.dev, stat.ino].join('.')
+      end
+
+    end
+  end
+
+  class DiskFileSystem
+
+    # DiskFileSystem mixin providing file/directory rename/move
+
+    module Rename
+
+      include TranslateExceptions
+
+      # Rename or move a file or directory
+      #
+      # Called for:
+      # * RNTO
+      #
+      # If missing, then these commands are not supported.
+
+      def rename(from_ftp_path, to_ftp_path)
+        FileUtils.mv(expand_ftp_path(from_ftp_path),
+                     expand_ftp_path(to_ftp_path))
+      end
+      translate_exceptions :rename
+
+    end
+  end
+
+  class DiskFileSystem
+
+    # DiskFileSystem "omnibus" mixin, which pulls in mixins which are
+    # likely to be needed by any DiskFileSystem.
+
+    module Base
+      include TranslateExceptions
+      include DiskFileSystem::Accessors
+      include DiskFileSystem::PathExpansion
+    end
+
+  end
+
+  # An FTP file system mapped to a disk directory.  This can serve as
+  # a template for creating your own specialized driver.
+  #
+  # Any method may raise a PermanentFileSystemError (e.g. "file not
+  # found") or TransientFileSystemError (e.g. "file busy").  A
+  # PermanentFileSystemError will cause a "550" error response to be
+  # sent; a TransientFileSystemError will cause a "450" error response
+  # to be sent. Methods may also raise an FtpServerError with any
+  # desired error code.
+  #
+  # The class is divided into modules that may be included piecemeal.
+  # By including some mixins and not others, you can compose a disk
+  # file system driver "a la carte."  This is useful if you want an
+  # FTP server that, for example, allows reading but not writing
+  # files.
+
+  class DiskFileSystem
+
+    include DiskFileSystem::Base
+
+    # Mixins that make available commands or groups of commands.  Each
+    # can be safely left out with the only effect being to make One or
+    # more commands be unimplemented.
+
+    include DiskFileSystem::Append
+    include DiskFileSystem::Delete
+    include DiskFileSystem::List
+    include DiskFileSystem::Mkdir
+    include DiskFileSystem::Read
+    include DiskFileSystem::Rename
+    include DiskFileSystem::Rmdir
+    include DiskFileSystem::Write
+
+    # Make a new instance to serve a directory.  data_dir should be an
+    # absolute path.
+
+    def initialize(data_dir)
+      set_data_dir data_dir
+      translate_exception SystemCallError
+    end
+
+  end
+
+  # A disk file system that does not allow any modification (writes,
+  # deletes, etc.)
+
+  class ReadOnlyDiskFileSystem
+
+    include DiskFileSystem::Base
+    include DiskFileSystem::List
+    include DiskFileSystem::Read
+
+    # Make a new instance to serve a directory.  data_dir should be an
+    # absolute path.
+
+    def initialize(data_dir)
+      set_data_dir data_dir
+      translate_exception SystemCallError
+    end
+
+  end
+
+end