Class: Net::FTPFXPTLS

Inherits:
FTPFXP
  • Object
Includes:
OpenSSL
Defined in:
lib/ftpfxp/ftpfxptls.rb

Overview

This class implements the File Transfer Protocol with SSL/TLS secure connections. It makes secure file transfers extremely easy, yet also provides low-level control for users who wish to do things their own way.

Major Methods

  • #login

  • #fxpprotp

  • #fxpprotc

  • #fxpgetcpsvport

  • #ftpccc

  • #fxpsscnon

  • #fxpsscnoff

  • #fxpto

  • #fxpsscnto

Methods inherited from FTPFXP

#fastlist, #feat, #file_exists, #fxpgetpasvport, #fxpretr, #fxpsetport, #fxpstor, #fxpwait, #path_exists, #xdupe

Instance Attribute Details

#secure_on ⇒ Object (readonly)

When true, transfers are performed securely. Default: true.



# File 'lib/ftpfxp/ftpfxptls.rb', line 43

def secure_on
  @secure_on
end

Class Method Details

.open(host, user = nil, passwd = nil, mode = 0, acct = nil) ⇒ Object

A synonym for FTPFXPTLS.new, but with a mandatory host parameter.

If a block is given, it is passed the FTP object, which will be closed when the block finishes, or when an exception is raised.



# File 'lib/ftpfxp/ftpfxptls.rb', line 51

def FTPFXPTLS.open(host, user = nil, passwd = nil, mode = 0, acct = nil)
	if block_given?
		ftpfxptls = new(host, user, passwd, mode, acct)
		begin
			yield ftpfxptls
		ensure
			ftpfxptls.close
		end
	else
		new(host, user, passwd, mode, acct)
	end
end

Instance Method Details

#ftpccc ⇒ Object

This executes the CCC (Clear Command Channel) command, which returns the control connection to plaintext. The server may refuse this command because of the security issues it raises.



# File 'lib/ftpfxp/ftpfxptls.rb', line 173

def ftpccc
	synchronize do
		putline('CCC')
		@secure_on = false
		return getresp
	end
end

#fxpgetcpsvport ⇒ Object

This is the same command as PASV, except that it requires the control connection to be in protected mode (PROT P) and it tells the server NOT to initiate the SSL/TLS handshake. The other side of CPSV is a PROT P and PORT command, which tells the server to initiate the SSL/TLS handshake as usual. The server must support the CPSV FTP extension command. Most advanced FTP servers implement CPSV.



# File 'lib/ftpfxp/ftpfxptls.rb', line 161

def fxpgetcpsvport
	synchronize do
		putline('CPSV')
		return getresp
	end
end

#fxppbsz(size) ⇒ Object

This method sets the protection buffer size. Usually this is set to 0 for SSL/TLS transfers.



# File 'lib/ftpfxp/ftpfxptls.rb', line 114

def fxppbsz(size)
	synchronize do
		putline("PBSZ #{size}")
		return getresp
	end
end

#fxpprotc ⇒ Object

Issuing this command sets the data connection to unencrypted mode; no SSL/TLS handshake will be initiated for subsequent transfers.



# File 'lib/ftpfxp/ftpfxptls.rb', line 145

def fxpprotc
	synchronize do
		putline('PROT C')
		return getresp
	end
end

#fxpprotp ⇒ Object

This method tells the server to start using protection mode. It must be issued on both control connections before CPSV or SSCN when preparing secure FXP. Both servers will attempt to initiate the SSL/TLS handshake regardless of whether the transfer is in Active or Passive mode.



# File 'lib/ftpfxp/ftpfxptls.rb', line 128

def fxpprotp
	synchronize do
		# PROT P - Private - Integrity and Privacy
		# PROT E - Confidential - Privacy without Integrity
		# PROT S - Safe - Integrity without Privacy
		# PROT C - Clear - Neither Integrity nor Privacy
		# For TLS, the data connection can only be C or P.
		putline('PROT P')
		return getresp
	end
end

#fxpsscnoff ⇒ Object

Toggle the SSCN mode to off for this server. If SSCN is off, it tells the server to act in server mode (default) for SSL/TLS handshakes. Server must support the SSCN FTP extension protocol command.



# File 'lib/ftpfxp/ftpfxptls.rb', line 203

def fxpsscnoff
	synchronize do
		putline('SSCN OFF')
		return getresp
	end
end

#fxpsscnon ⇒ Object

Toggle the SSCN mode to on for this server. SSCN requires protected mode to be turned on (i.e. PROT P). If SSCN is on, it tells the server to act in client mode for SSL/TLS handshakes. The server must support the SSCN FTP extension command.



# File 'lib/ftpfxp/ftpfxptls.rb', line 189

def fxpsscnon
	synchronize do
		putline('SSCN ON')
		return getresp
	end
end

#fxpsscnto(dst, dstpath, srcpath) ⇒ Object

Do not call this method if you’re using CPSV. This method uses SSCN.



# File 'lib/ftpfxp/ftpfxptls.rb', line 245

def fxpsscnto(dst, dstpath, srcpath)
	if not @secure_on
		fxpprotp
		@secure_on = true
	end

	fxpsscnoff # We are the server side.
	dst.fxpsscnon # They are the client side.
	pline = fxpgetpasvport
	comp = pline.split(/\s+/)
	ports = String.new(comp[4].gsub('(', '').gsub(')', ''))
	dst.fxpsetport(ports)
	dst.fxpstor(dstpath)
	fxpretr(srcpath)
	resp = {}
	resp[:srcresp] = fxpwait
	raise FTPFXPTLSSrcSiteError unless '226' == resp[:srcresp][0,3]
	resp[:dstresp] = dst.fxpwait
	raise FTPFXPTLSDstSiteError unless '226' == resp[:dstresp][0,3]
	return resp
end

#fxpto(dst, dstpath, srcpath) ⇒ Object

Do not call this method if you’re using SSCN. This method uses CPSV. It raises FTPFXPTLSSrcSiteError if the source site reports an error and FTPFXPTLSDstSiteError if the destination site reports an error.



# File 'lib/ftpfxp/ftpfxptls.rb', line 219

def fxpto(dst, dstpath, srcpath)
	if not @secure_on
		fxpprotp
		@secure_on = true
	end

	pline = fxpgetcpsvport
	comp = pline.split(/\s+/)
	ports = String.new(comp[4].gsub('(', '').gsub(')', ''))
	dst.fxpsetport(ports)
	dst.fxpstor(dstpath)
	fxpretr(srcpath)
	resp = {}
	resp[:srcresp] = fxpwait
	raise FTPFXPTLSSrcSiteError unless '226' == resp[:srcresp][0,3]
	resp[:dstresp] = dst.fxpwait
	raise FTPFXPTLSDstSiteError unless '226' == resp[:dstresp][0,3]
	return resp
end
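
Both #fxpsscnto and #fxpto take the fifth whitespace-separated word of the PASV/CPSV reply and hand it unchecked to the destination's PORT command. The following is an added example, not part of the library: a stricter parser for that reply. `PasvReplyError`, `parse_pasv_reply`, `naive_port_arg`, the sample replies, and the address and port policy are all assumptions made for illustration.

```ruby
require 'ipaddr'

class PasvReplyError < StandardError; end # hypothetical error class

PASV_TUPLE = /\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)/

# The page's extraction, reproduced for comparison: fifth whitespace-separated
# word of the reply with the parentheses removed.
def naive_port_arg(line)
  line.split(/\s+/)[4].gsub('(', '').gsub(')', '')
end

# Parse a 227 reply to PASV or CPSV. expected_host is the IP literal of the
# source site's control connection (assumption: no NAT in between).
def parse_pasv_reply(line, expected_host: nil)
  raise PasvReplyError, "not a 227 reply: #{line.inspect}" unless line.start_with?('227')
  m = PASV_TUPLE.match(line)
  raise PasvReplyError, 'no (h1,h2,h3,h4,p1,p2) tuple in reply' unless m
  nums = m.captures.map(&:to_i)
  raise PasvReplyError, 'octet out of range' if nums.any? { |n| n > 255 }
  host = nums[0, 4].join('.')
  port = nums[4] * 256 + nums[5]
  # Policy assumption: never point the destination at a privileged port.
  raise PasvReplyError, "port #{port} is below 1024" if port < 1024
  if expected_host && IPAddr.new(host) != IPAddr.new(expected_host)
    raise PasvReplyError, "reply names #{host}, expected #{expected_host}"
  end
  { host: host, port: port, port_arg: nums.join(',') }
end
```

The `port_arg` value is in the same comma-separated form that the page's code passes to `dst.fxpsetport`.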

#login(user = "anonymous", passwd = nil, mode = 0, acct = nil) ⇒ Object

This method authenticates a user on the FTP server connection. If no username is given, it defaults to anonymous. If no mode is given, it defaults to AUTH TLS.

  • mode = 0 for TLS (default)

  • mode = 1 for SSL



# File 'lib/ftpfxp/ftpfxptls.rb', line 71

def login(user = "anonymous", passwd = nil, mode = 0, acct = nil)
	# SSL/TLS context.
	ctx = OpenSSL::SSL::SSLContext.new
	# VERIFY_NONE: the server certificate is not validated.
	ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
	ctx.key = nil
	ctx.cert = nil
	if 1 == mode
		voidcmd('AUTH SSL')
	else
		voidcmd('AUTH TLS')
	end
	@sock = OpenSSL::SSL::SSLSocket.new(@sock, ctx)
	@sock.connect

	print "get: #{@sock.peer_cert.to_text}" if @debug_mode

	# Call the original login method.
	super(user, passwd, acct)

	# Protection buffer size must be set to 0 since FTP-TLS does
	# not require this, but it still must be set.
	fxppbsz(0)

	# Set to P since we're using TLS.
	fxpprotp
	@secure_on = true
end
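
#login builds its context with VERIFY_NONE, so the handshake completes with whatever certificate the peer presents. The following is an added example, not part of the library: it puts that context beside a verifying one and runs both through an in-process handshake against a constructed self-signed certificate. All method names, the hostname `ftp.example.test`, and the caller-supplied trust store are assumptions.

```ruby
require 'openssl'
require 'socket'

# The context #login builds: any certificate passes, the peer is unauthenticated.
def unverified_context
  OpenSSL::SSL::SSLContext.new.tap { |c| c.verify_mode = OpenSSL::SSL::VERIFY_NONE }
end

# Hardened counterpart (assumption: the caller supplies the trust store).
def verified_context(store)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.verify_hostname = true # compared with the name set via SSLSocket#hostname=
  ctx.cert_store = store
  ctx
end

# Constructed self-signed certificate standing in for an FTPS server.
def self_signed(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# In-process handshake over a socket pair; returns :accepted or :rejected.
def handshake(client_ctx, key, cert, hostname)
  server_ctx = OpenSSL::SSL::SSLContext.new
  server_ctx.key = key
  server_ctx.cert = cert
  c_io, s_io = UNIXSocket.pair
  server = Thread.new { OpenSSL::SSL::SSLSocket.new(s_io, server_ctx).accept rescue nil }
  client = OpenSSL::SSL::SSLSocket.new(c_io, client_ctx)
  client.hostname = hostname
  client.connect
  :accepted
rescue OpenSSL::SSL::SSLError
  :rejected
ensure
  [c_io, s_io].each { |io| io&.close }
  server&.join(2)
end
```

With the verifying context, an untrusted issuer or a hostname mismatch fails the handshake before any USER or PASS command would be sent.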