Class: Net::FTPFXPTLS

Inherits:
FTPFXP
  • Object
Includes:
OpenSSL
Defined in:
lib/ftpfxp/ftpfxptls.rb

Overview

This class implements the File Transfer Protocol over SSL/TLS secure connections. It makes secure file transfers extremely easy, yet also provides low-level control for users who wish to do things their own way.

Major Methods

  • #login

  • #fxpprotp

  • #fxpprotc

  • #fxpgetcpsvport

  • #ftpccc

  • #fxpsscnon

  • #fxpsscnoff

  • #fxpto

  • #fxpsscnto

Methods inherited from FTPFXP

#fastlist, #feat, #file_exists, #fxpgetpasvport, #fxpretr, #fxpsetport, #fxpstor, #fxpwait, #path_exists, #xdupe

Instance Attribute Details

#secure_on ⇒ Object (readonly)

When true, transfers are performed securely. Default: true.



# File 'lib/ftpfxp/ftpfxptls.rb', line 43

def secure_on
  @secure_on
end

Class Method Details

.open(host, user = nil, passwd = nil, mode = 0, acct = nil) ⇒ Object

A synonym for FTPFXPTLS.new, but with a mandatory host parameter.

If a block is given, it is passed the FTP object, which will be closed when the block finishes, or when an exception is raised.



# File 'lib/ftpfxp/ftpfxptls.rb', line 51

def FTPFXPTLS.open(host, user = nil, passwd = nil, mode = 0, acct = nil)
  if block_given?
    ftpfxptls = new(host, user, passwd, mode, acct)
    begin
      yield ftpfxptls
    ensure
      ftpfxptls.close
    end
  else
    new(host, user, passwd, mode, acct)
  end
end

Instance Method Details

#ftpccc ⇒ Object

This executes the CCC (Clear Command Channel) command. The server may not allow this command, because there are security issues with it.



# File 'lib/ftpfxp/ftpfxptls.rb', line 173

def ftpccc
  synchronize do
    putline('CCC')
    @secure_on = false
    return getresp
  end
end

#fxpgetcpsvport ⇒ Object

This is exactly the same command as PASV, except that it requires the control connection to be in protected mode (PROT P) and it tells the server NOT to initiate the SSL/TLS handshake. The other side of CPSV is a PROT P and PORT command, which tells that server to proceed as usual and initiate the SSL/TLS handshake. The server must support the CPSV FTP extension protocol command. Most advanced FTP servers implement CPSV.



# File 'lib/ftpfxp/ftpfxptls.rb', line 161

def fxpgetcpsvport
  synchronize do
    putline('CPSV')
    return getresp
  end
end

#fxppbsz(size) ⇒ Object

This method sets the protection buffer size. Usually this is set to 0 for SSL/TLS transfers.



# File 'lib/ftpfxp/ftpfxptls.rb', line 114

def fxppbsz(size)
  synchronize do
    putline("PBSZ #{size}")
    return getresp
  end
end

#fxpprotc ⇒ Object

Issuing this command on the server sets the data connection to unencrypted mode, and no SSL/TLS handshake will be initiated for subsequent transfers.



# File 'lib/ftpfxp/ftpfxptls.rb', line 145

def fxpprotc
  synchronize do
    putline('PROT C')
    return getresp
  end
end

#fxpprotp ⇒ Object

This method notifies the server to start using protection mode. This command must be issued on both control connections before CPSV or SSCN when preparing secure FXP. Both servers will attempt to initiate the SSL/TLS handshake regardless of whether the transfer uses Active or Passive mode.



# File 'lib/ftpfxp/ftpfxptls.rb', line 128

def fxpprotp
  synchronize do
    # PROT P - Private - Integrity and Privacy
    # PROT E - Confidential - Privacy without Integrity
    # PROT S - Safe - Integrity without Privacy
    # PROT C - Clear - Neither Integrity nor Privacy
    # For TLS, the data connection can only be C or P.
    putline('PROT P')
    return getresp
  end
end

#fxpsscnoff ⇒ Object

Toggle the SSCN mode to off for this server. If SSCN is off, it tells the server to act in server mode (default) for SSL/TLS handshakes. Server must support the SSCN FTP extension protocol command.



# File 'lib/ftpfxp/ftpfxptls.rb', line 203

def fxpsscnoff
  synchronize do
    putline('SSCN OFF')
    return getresp
  end
end

#fxpsscnon ⇒ Object

Toggle the SSCN mode to on for this server. SSCN requires protected mode to be turned on (i.e. PROT P). If SSCN is on, it tells the server to act in client mode for SSL/TLS handshakes. Server must support the SSCN FTP extension protocol command.



# File 'lib/ftpfxp/ftpfxptls.rb', line 189

def fxpsscnon
  synchronize do
    putline('SSCN ON')
    return getresp
  end
end

#fxpsscnto(dst, dstpath, srcpath) ⇒ Object

Do not call this method if you’re using CPSV. This method uses SSCN.



# File 'lib/ftpfxp/ftpfxptls.rb', line 245

def fxpsscnto(dst, dstpath, srcpath)
  if not @secure_on
    fxpprotp
    @secure_on = true
  end

  fxpsscnoff # We are the server side.
  dst.fxpsscnon # They are the client side.
  pline = fxpgetpasvport
  comp = pline.split(/\s+/)
  ports = String.new(comp[4].gsub('(', '').gsub(')', ''))
  dst.fxpsetport(ports)
  dst.fxpstor(dstpath)
  fxpretr(srcpath)
  resp = {}
  resp[:srcresp] = fxpwait
  raise FTPFXPTLSSrcSiteError unless '226' == resp[:srcresp][0,3]
  resp[:dstresp] = dst.fxpwait
  raise FTPFXPTLSDstSiteError unless '226' == resp[:dstresp][0,3]
  return resp
end

#fxpto(dst, dstpath, srcpath) ⇒ Object

Do not call this method if you’re using SSCN. This method uses CPSV. It raises FTPFXPTLSSrcSiteError if the error occurred on the source site, and FTPFXPTLSDstSiteError if it occurred on the destination site.



# File 'lib/ftpfxp/ftpfxptls.rb', line 219

def fxpto(dst, dstpath, srcpath)
  if not @secure_on
    fxpprotp
    @secure_on = true
  end

  pline = fxpgetcpsvport
  comp = pline.split(/\s+/)
  ports = String.new(comp[4].gsub('(', '').gsub(')', ''))
  dst.fxpsetport(ports)
  dst.fxpstor(dstpath)
  fxpretr(srcpath)
  resp = {}
  resp[:srcresp] = fxpwait
  raise FTPFXPTLSSrcSiteError unless '226' == resp[:srcresp][0,3]
  resp[:dstresp] = dst.fxpwait
  raise FTPFXPTLSDstSiteError unless '226' == resp[:dstresp][0,3]
  return resp
end
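
Both `fxpto` and `fxpsscnto` take the fifth whitespace-separated token of the PASV/CPSV reply, strip the parentheses, and pass the result to the destination server as its PORT argument. The following added example (not part of ftpfxp; `parse_pasv_reply`, `PasvReplyError` and `allowed_hosts` are hypothetical names, and the replies used with it are constructed) parses the reply strictly and checks the announced address before it is forwarded.

```ruby
# Added example, not ftpfxp code. All names here are hypothetical.
class PasvReplyError < StandardError; end

# "227 <text> (h1,h2,h3,h4,p1,p2)" with optional trailing punctuation.
PASV_REPLY = /\A227 [^(]*\((\d{1,3}(?:,\d{1,3}){5})\)[.\s]*\z/

# Returns host, port and a clean argument for the destination's PORT.
# allowed_hosts: optional list of addresses the source may announce.
def parse_pasv_reply(line, allowed_hosts: nil)
  m = PASV_REPLY.match(line)
  raise PasvReplyError, "not a well-formed 227 reply: #{line.inspect}" unless m

  nums = m[1].split(',').map(&:to_i)
  raise PasvReplyError, 'address or port byte above 255' if nums.any? { |n| n > 255 }

  host = nums.first(4).join('.')
  port = nums[4] * 256 + nums[5]
  raise PasvReplyError, "refusing well-known port #{port}" if port < 1024
  if allowed_hosts && !allowed_hosts.include?(host)
    raise PasvReplyError, "data address #{host} is not the expected source host"
  end

  { host: host, port: port, port_arg: nums.join(',') }
end
```

Passing the source server's own address as `allowed_hosts` makes the transfer fail early if the reply announces any other data address.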

#login(user = "anonymous", passwd = nil, mode = 0, acct = nil) ⇒ Object

This method authenticates a user on the FTP server connection. If no username is given, it defaults to anonymous. If no mode is given, it defaults to AUTH TLS.

  • mode = 0 for TLS (default)

  • mode = 1 for SSL



# File 'lib/ftpfxp/ftpfxptls.rb', line 71

def login(user = "anonymous", passwd = nil, mode = 0, acct = nil)
  # SSL/TLS context.
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
  ctx.key = nil
  ctx.cert = nil
  if 1 == mode
    voidcmd('AUTH SSL')
  else
    voidcmd('AUTH TLS')
  end
  @sock = OpenSSL::SSL::SSLSocket.new(@sock, ctx)
  @sock.connect

  print "get: #{@sock.peer_cert.to_text}" if @debug_mode

  # Call the original login method.
  super(user, passwd, acct)

  # Protection buffer size must be set to 0 since FTP-TLS does
  # not require this, but it still must be set.
  fxppbsz(0)

  # Set to P since we're using TLS.
  fxpprotp
  @secure_on = true
end
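
The `#login` listing sets `verify_mode` to `VERIFY_NONE`, so the server certificate is never validated and the handshake completes with any peer. The following added example (not part of ftpfxp; all helper names are hypothetical and the certificate is a constructed throwaway) runs the same handshake on loopback with `VERIFY_NONE`, with `VERIFY_PEER` and no trust anchor, and with `VERIFY_PEER` and the expected certificate trusted.

```ruby
# Added example, not ftpfxp code. Helper names are hypothetical.
require 'openssl'
require 'socket'

# Constructed throwaway self-signed certificate for the loopback server.
def self_signed(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Client context; trust lists the only certificates the client accepts.
def client_ctx(verify_mode, trust = [])
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = verify_mode
  ctx.cert_store = OpenSSL::X509::Store.new
  trust.each { |c| ctx.cert_store.add_cert(c) }
  ctx
end

# One handshake against a loopback TLS server: returns :ok or :rejected.
def try_handshake(key, cert, ctx)
  sctx = OpenSSL::SSL::SSLContext.new
  sctx.key, sctx.cert = key, cert
  tcp = TCPServer.new('127.0.0.1', 0)
  srv = Thread.new { OpenSSL::SSL::SSLSocket.new(tcp.accept, sctx).accept rescue nil }
  sock = OpenSSL::SSL::SSLSocket.new(TCPSocket.new('127.0.0.1', tcp.addr[1]), ctx)
  sock.connect
  :ok
rescue OpenSSL::SSL::SSLError
  :rejected
ensure
  sock&.io&.close
  srv&.join(5)
  tcp&.close
end

def verify_mode_demo
  key, cert = self_signed('localhost')
  { verify_none: try_handshake(key, cert, client_ctx(OpenSSL::SSL::VERIFY_NONE)),
    peer_untrusted: try_handshake(key, cert, client_ctx(OpenSSL::SSL::VERIFY_PEER)),
    peer_trusted: try_handshake(key, cert, client_ctx(OpenSSL::SSL::VERIFY_PEER, [cert])) }
end
```

Against a real server, also set `verify_hostname = true` on the context and `hostname=` on the `SSLSocket`, so that a valid certificate issued for a different host is rejected.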