investtools-ftpd 1.0.1

data/lib/ftpd/error.rb

@@ -0,0 +1,21 @@
+module Ftpd
+  module Error
+
+    def error(message, code)
+      raise FtpServerError.new(message, code)
+    end
+
+    def unimplemented_error
+      error "Command not implemented", 502
+    end
+
+    def sequence_error
+      error "Bad sequence of commands", 503
+    end
+
+    def syntax_error
+      error "Syntax error", 501
+    end
+
+  end
+end

data/lib/ftpd/exception_translator.rb

@@ -0,0 +1,32 @@
+module Ftpd
+
+  # Translate specific exceptions to FileSystemError.
+  #
+  # This is not intended to be used directly, but via the
+  # TranslateExceptions module.
+
+  class ExceptionTranslator
+
+    def initialize
+      @exceptions = []
+    end
+
+    # Register an exception class.
+
+    def register_exception(e)
+      @exceptions << e
+    end
+
+    # Run a block, translating specific exceptions to FileSystemError.
+
+    def translate_exceptions
+      begin
+        return yield
+      rescue *@exceptions => e
+        raise PermanentFileSystemError, e.message
+      end
+    end
+
+  end
+
+end

data/lib/ftpd/exceptions.rb

@@ -0,0 +1,62 @@
+module Ftpd
+
+  # All errors (purposefully) generated by this library driver from
+  # this class.
+
+  # Any error that send a reply to the client raises a FtpServerError.
+  # The message is the text to send (e.g. "Syntax error") and the code
+  # is the FTP response code to send (e.g. "502"). This is typically not
+  # raised directly, but using the Error mixin.
+
+  class FtpServerError < StandardError
+    attr_reader :code
+
+    def initialize(message, code)
+      @code = code
+      raise ArgumentError, "Invalid response code" unless valid_response_code?
+
+      super(message)
+    end
+
+    def message_with_code
+      "#{code} #{message}"
+    end
+
+    private
+    def valid_response_code?
+      (400..599).cover?(code)
+    end
+  end
+
+  # A permanent file system error.  The file isn't there, etc.
+
+  class PermanentFileSystemError < FtpServerError
+    def initialize(message, code = 550)
+      super
+    end
+
+    private
+    def valid_response_code?
+      (550..559).cover?(code)
+    end
+  end
+
+  # A transient file system error.  The file is busy, etc.
+
+  class TransientFileSystemError < FtpServerError
+    def initialize(message, code = 450)
+      super
+    end
+
+    private
+    def valid_response_code?
+      (450..459).cover?(code)
+    end
+  end
+
+  # A permanent file system error.  Deprecated; use
+  # PermanentFileSystemError instead.
+
+  class FileSystemError < PermanentFileSystemError ; end
+
+end

data/lib/ftpd/file_info.rb

@@ -0,0 +1,115 @@
+module Ftpd
+
+  # Information about a file object (file, directory, symlink, etc.)
+
+  class FileInfo
+
+    # @return [String] The file's type, as returned by File.lstat
+    # One of:
+    # * 'file'
+    # * 'directory'
+    # * 'characterSpecial'
+    # * 'blockSpecial'
+    # * 'fifo'
+    # * 'link'
+    # * 'socket'
+    # * 'unknown'
+
+    attr_reader :ftype
+
+    # @return [String] The group name
+
+    attr_reader :group
+
+    # @return [Integer] The mode bits, as returned by File::Stat#mode
+    # The bits are:
+    #   * 0 - others have execute permission
+    #   * 1 - others have write permission
+    #   * 2 - others have read permission
+    #   * 3 - group has execute permission
+    #   * 4 - group has write permission
+    #   * 5 - group has read permission
+    #   * 6 - owner has execute permission
+    #   * 7 - owner has write permission
+    #   * 8 - owner has read permission
+    #   * 9 - sticky bit
+    #   * 10 - set-group-ID bit
+    #   * 11 - set UID bit
+    # Other bits may be present; they are ignored
+
+    attr_reader :mode
+
+    # @return [Time] The modification time
+
+    attr_reader :mtime
+
+    # @return [Integer] The number of hard links
+
+    attr_reader :nlink
+
+    # @return [String] The owner name
+
+    attr_reader :owner
+
+    # @return [Integer] The size, in bytes
+
+    attr_reader :size
+
+    # @return [String] The object's path
+
+    attr_reader :path
+
+    # @return [String] The object's identifier
+    #
+    # This uniquely identifies the file: Two objects with the same
+    # identifier are expected to refer to the same file or directory.
+    #
+    # On a disk file system, might be _dev_._inode_,
+    # e.g. "8388621.48598"
+    #
+    # This is optional and does not have to be set.  If set, it is
+    # used in EPLF output.
+
+    attr_reader :identifier
+
+    # Create a new instance.  See the various attributes for argument
+    # details.
+    #
+    # @param opts [Hash] The file attributes
+    # @option opts [String] :ftype The file type
+    # @option opts [String] :group The group name
+    # @option opts [String] :identifier The object's identifier
+    # @option opts [Integer] :mode The mode bits
+    # @option opts [Time] :mtime The modification time
+    # @option opts [Integer] :nlink The number of hard links
+    # @option opts [String] :owner The owner name
+    # @option opts [Integer] :size The size
+    # @option opts [String] :path The object's path
+
+    def initialize(opts)
+      @ftype = opts[:ftype]
+      @group = opts[:group]
+      @identifier = opts[:identifier]
+      @mode = opts[:mode]
+      @mtime = opts[:mtime]
+      @nlink = opts[:nlink]
+      @owner = opts[:owner]
+      @path = opts[:path]
+      @size = opts[:size]
+    end
+
+    # @return true if the object is a file
+
+    def file?
+      @ftype == 'file'
+    end
+
+    # @return true if the object is a directory
+
+    def directory?
+      @ftype == 'directory'
+    end
+
+  end
+
+end

data/lib/ftpd/file_system_helper.rb

@@ -0,0 +1,67 @@
+require_relative 'command_handler'
+
+module Ftpd
+
+  module FileSystemHelper
+
+    def path_list(path)
+      if file_system.directory?(path)
+        path = File.join(path, '*')
+      end
+      file_system.dir(path).sort
+    end
+
+    def ensure_file_system_supports(method)
+      unless file_system.respond_to?(method)
+        unimplemented_error
+      end
+    end
+
+    def ensure_accessible(path)
+      unless file_system.accessible?(path)
+        error 'Access denied', 550
+      end
+    end
+
+    def ensure_exists(path)
+      unless file_system.exists?(path)
+        error 'No such file or directory', 550
+      end
+    end
+
+    def ensure_does_not_exist(path)
+      if file_system.exists?(path)
+        error 'Already exists', 550
+      end
+    end
+
+    def ensure_directory(path)
+      unless file_system.directory?(path)
+        error 'Not a directory', 550
+      end
+    end
+
+    def unique_path(path)
+      suffix = nil
+      100.times do
+        path_with_suffix = [path, suffix].compact.join('.')
+        unless file_system.exists?(path_with_suffix)
+          return path_with_suffix
+        end
+        suffix = generate_suffix
+      end
+      raise "Unable to find unique path"
+    end
+
+    private
+
+    def generate_suffix
+      set = ('a'..'z').to_a
+      8.times.map do
+        set[rand(set.size)]
+      end.join
+    end
+
+  end
+
+end

data/lib/ftpd/ftp_server.rb

@@ -0,0 +1,214 @@
+require_relative 'tls_server'
+
+module Ftpd
+  class FtpServer < TlsServer
+
+    extend Forwardable
+
+    DEFAULT_SERVER_NAME = 'wconrad/ftpd'
+    DEFAULT_SESSION_TIMEOUT = 300 # seconds
+
+    # If true, allow the PORT command to specify privileged data ports
+    # (those below 1024).  Defaults to false.  Setting this to true
+    # makes it easier for an attacker to use the server to attack
+    # another server.  See RFC 2577 section 3.
+    #
+    # Set this before calling #start.
+    #
+    # @return [Boolean]
+
+    attr_accessor :allow_low_data_ports
+
+    # The authentication level.  One of:
+    #
+    # * Ftpd::AUTH_USER
+    # * Ftpd::AUTH_PASSWORD (default)
+    # * Ftpd::AUTH_ACCOUNT
+    #
+    # @return [Integer] The authentication level
+
+    attr_accessor :auth_level
+
+    # The delay (in seconds) after a failed login.  Defaults to 0.
+    # Setting this makes brute force password guessing less efficient
+    # for the attacker.  RFC-2477 suggests a delay of 5 seconds.
+
+    attr_accessor :failed_login_delay
+
+    # The class for formatting for LIST output.  Defaults to
+    # {Ftpd::ListFormat::Ls} (unix "ls -l" style).
+    #
+    # Set this before calling #start.
+    # @return [class that quacks like Ftpd::ListFormat::Ls]
+
+    attr_accessor :list_formatter
+
+    # The logger.  Defaults to nil (no logging).
+    #
+    # Set this before calling #start.
+    #
+    # @return [Logger]
+
+    attr_reader :log
+
+    def log=(logger)
+      @log = logger || NullLogger.new
+    end
+
+    # The maximum number of connections the server will allow.
+    # Defaults to {ConnectionThrottle::DEFAULT_MAX_CONNECTIONS}.
+    #
+    # Set this before calling #start.
+    #
+    # @!attribute max_connections
+    # @return [Integer]
+
+    def_delegator :@connection_throttle, :'max_connections'
+    def_delegator :@connection_throttle, :'max_connections='
+
+    # The maximum number of failed login attempts before disconnecting
+    # the user.  Defaults to nil (no maximum).  When set, this may
+    # makes brute-force password guessing attack less efficient.
+    #
+    # Set this before calling #start.
+    #
+    # @return [Integer]
+
+    attr_accessor :max_failed_logins
+
+    # The maximum number of connections the server will allow from a
+    # given IP.  Defaults to
+    # {ConnectionThrottle::DEFAULT_MAX_CONNECTIONS_PER_IP}.
+    #
+    # Set this before calling #start.
+    #
+    # @!attribute max_connections_per_ip
+    # @return [Integer]
+
+    def_delegator :@connection_throttle, :'max_connections_per_ip'
+    def_delegator :@connection_throttle, :'max_connections_per_ip='
+
+    # The number of seconds to delay before replying.  This is for
+    # testing, when you need to test, for example, client timeouts.
+    # Defaults to 0 (no delay).
+    #
+    # Set this before calling #start.
+    #
+    # @return [Numeric]
+
+    attr_accessor :response_delay
+
+    # The server's name, sent in a STAT reply.  Defaults to
+    # {DEFAULT_SERVER_NAME}.
+    #
+    # Set this before calling #start.
+    #
+    # @return [String]
+
+    attr_accessor :server_name
+
+    # The server's version, sent in a STAT reply.  Defaults to the
+    # contents of the VERSION file.
+    #
+    # Set this before calling #start.
+    #
+    # @return [String]
+
+    attr_accessor :server_version
+
+    # The session timeout.  When a session is awaiting a command, if
+    # one is not received in this many seconds, the session is
+    # disconnected.  Defaults to {DEFAULT_SESSION_TIMEOUT}.  If nil,
+    # then timeout is disabled.
+    #
+    # Set this before calling #start.
+    #
+    # @return [Numeric]
+
+    attr_accessor :session_timeout
+
+    # The exception handler. When there is an unknown exception,
+    # server replies 451 and calls exception_handler. If nil,
+    # then it's ignored.
+    #
+    # @return [Proc]
+
+    attr_accessor :exception_handler
+
+    # Defines the exception_handler.
+
+    def on_exception(&block)
+      self.exception_handler = block
+    end
+
+    # Create a new FTP server.  The server won't start until the
+    # #start method is called.
+    #
+    # @param driver A driver for the server's dynamic behavior such as
+    #               authentication and file system access.
+    #
+    # The driver should expose these public methods:
+    # * {Example::Driver#authenticate authenticate}
+    # * {Example::Driver#file_system file_system}
+
+    def initialize(driver)
+      super()
+      @driver = driver
+      @response_delay = 0
+      @list_formatter = ListFormat::Ls
+      @auth_level = AUTH_PASSWORD
+      @session_timeout = 300
+      @server_name = DEFAULT_SERVER_NAME
+      @server_version = read_version_file
+      @allow_low_data_ports = false
+      @failed_login_delay = 0
+      self.log = nil
+      @connection_tracker = ConnectionTracker.new
+      @connection_throttle = ConnectionThrottle.new(@connection_tracker)
+    end
+
+    private
+
+    def allow_session?(socket)
+      @connection_throttle.allow?(socket)
+    end
+
+    def deny_session socket
+      @connection_throttle.deny socket
+    end
+
+    def session(socket)
+      @connection_tracker.track(socket) do
+        run_session socket
+      end
+    end
+
+    def run_session(socket)
+      config = SessionConfig.new
+      config.allow_low_data_ports = @allow_low_data_ports
+      config.auth_level = @auth_level
+      config.driver = @driver
+      config.failed_login_delay = @failed_login_delay
+      config.list_formatter = @list_formatter
+      config.log = @log
+      config.max_failed_logins = @max_failed_logins
+      config.response_delay = response_delay
+      config.server_name = @server_name
+      config.server_version = @server_version
+      config.session_timeout = @session_timeout
+      config.tls = @tls
+      config.exception_handler = exception_handler
+      session = Session.new(config, socket)
+      session.run
+    end
+
+    def read_version_file
+      File.open(version_file_path, 'r', &:read).strip
+    end
+
+    def version_file_path
+      File.expand_path('../../VERSION', File.dirname(__FILE__))
+    end
+
+  end
+end