Class: Net::FTPFXPTLS

Inherits:

FTPFXP

• Object
• FTP
• FTPFXP
• Net::FTPFXPTLS

Includes:

OpenSSL

Defined in:

lib/ftpfxp/ftpfxptls.rb

Overview

This class implements the File Transfer Protocol with SSL/TLS secure connections. This class makes secure file transfers extremely easy yet also provides the low level control for users who wish to do things their own ways.

Major Methods

• #login

• #fxpprotp

• #fxpprotc

• #fxpgetcpsvport

• #ftpccc

• #fxpsscnon

• #fxpsscnoff

• #fxpto

• #fxpsscnto

Instance Attribute Summary

• #secure_on ⇒ Object readonly

  When true, transfers are performed securely.

Class Method Summary

• .open(host, user = nil, passwd = nil, mode = 0, acct = nil) ⇒ Object

  A synonym for FTPFXPTLS.new.

Instance Method Summary

• #ftpccc ⇒ Object

  This executes the CCC (Clear Command Channel) command.

• #fxpgetcpsvport ⇒ Object

  This is the exact same command as PASV, except it requires the control connection to be in protected mode (PROT P) and it tells the server NOT to initiate the SSL/TLS handshake.

• #fxpprotc ⇒ Object

  Issue this command on the server will set the data connection to unencrypted mode and no SSL/TLS handshake will be initiated for subsequent transfers.

• #fxpprotp ⇒ Object

  This method notifies the server to start using protection mode.

• #fxpsscnoff ⇒ Object

  Toggle the SSCN mode to off for this server.

• #fxpsscnon ⇒ Object

  Toggle the SSCN mode to on for this server.

• #fxpsscnto(dst, dstpath, srcpath) ⇒ Object

  Do not call this method if you’re using CPSV. This method uses SSCN.

• #fxpto(dst, dstpath, srcpath) ⇒ Object

  Do not call this method if you’re using SSCN. This method uses CPSV.

• #login(user = "anonymous", passwd = nil, mode = 0, acct = nil) ⇒ Object

  This method authenticates a user with the ftp server connection.

Methods inherited from FTPFXP

#fastlist, #feat, #fileExists, #fxpgetpasvport, #fxpretr, #fxpsetport, #fxpstor, #fxpwait, #xdupe

Instance Attribute Details

#secure_on ⇒ Object (readonly)

When true, transfers are performed securely. Default: true.

# File 'lib/ftpfxp/ftpfxptls.rb', line 43

def secure_on
  @secure_on
end

Class Method Details

.open(host, user = nil, passwd = nil, mode = 0, acct = nil) ⇒ Object

A synonym for FTPFXPTLS.new. but with a manditory host parameter.

If a block is given, it is passed the FTP object, which will be closed when the block finishes, or when an exception is raised.

# File 'lib/ftpfxp/ftpfxptls.rb', line 51

def FTPFXPTLS.open(host, user = nil, passwd = nil, mode = 0, acct = nil)
  if block_given?
    ftpfxptls = new(host, user, passwd, mode, acct)
    begin
      yield ftpfxptls
    ensure
      ftpfxptls.close
    end
  else
    new(host, user, passwd, mode, acct)
  end
end

Instance Method Details

#ftpccc ⇒ Object

This executes the CCC (Clear Command Channel) command. Though the server may not allow this command because there are security issues with this.

# File 'lib/ftpfxp/ftpfxptls.rb', line 162

def ftpccc
  synchronize do
    putline('CCC')
    @secure_on = false
    return getresp
  end
end

#fxpgetcpsvport ⇒ Object

This is the exact same command as PASV, except it requires the control connection to be in protected mode (PROT P) and it tells the server NOT to initiate the SSL/TLS handshake. The other side of CPSV is a PROT P and PORT command, which tells the server to do as usual and initiate SSL/TLS handshake. Server must support CPSV FTP extension protocol command. Most advance FTP servers implements CPSV.

# File 'lib/ftpfxp/ftpfxptls.rb', line 150

def fxpgetcpsvport
  synchronize do
    putline('CPSV')
    return getresp
  end
end

#fxpprotc ⇒ Object

Issue this command on the server will set the data connection to unencrypted mode and no SSL/TLS handshake will be initiated for subsequent transfers.

# File 'lib/ftpfxp/ftpfxptls.rb', line 134

def fxpprotc
  synchronize do
    putline('PROT C')
    return getresp
  end
end

#fxpprotp ⇒ Object

This method notifies the server to start using protection mode. Must issue this command on both control connections before CPSV or SSCN when preparing secure FXP. Both servers will attempt to initiate SSL/TLS handshake regardless if it is Active or Passive mode.

# File 'lib/ftpfxp/ftpfxptls.rb', line 117

def fxpprotp
  synchronize do
    # PROT P - Private - Integrity and Privacy
    # PROT E - Confidential - Privacy without Integrity
    # PROT S - Safe - Integrity without Privacy
    # PROT C - Clear - Neither Integrity nor Privacy
    # For TLS, the data connection can only be C or P.
    putline('PROT P')
    return getresp
  end
end

#fxpsscnoff ⇒ Object

Toggle the SSCN mode to off for this server. If SSCN is off, it tells the server to act in server mode (default) for SSL/TLS handshakes. Server must support the SSCN FTP extension protocol command.

# File 'lib/ftpfxp/ftpfxptls.rb', line 192

def fxpsscnoff
  synchronize do
    putline('SSCN OFF')
    return getresp
  end
end

#fxpsscnon ⇒ Object

Toggle the SSCN mode to on for this server. SSCN requires that protected mode must be turned on (ie. PROT P). If SSCN is on, it tells the server to act in client mode for SSL/TLS handshakes. Server must support the SSCN FTP extension protocol command.

# File 'lib/ftpfxp/ftpfxptls.rb', line 178

def fxpsscnon
  synchronize do
    putline('SSCN ON')
    return getresp
  end
end

#fxpsscnto(dst, dstpath, srcpath) ⇒ Object

Do not call this method if you’re using CPSV. This method uses SSCN.

Raises:

• (FTPFXPTLSSrcSiteError)

# File 'lib/ftpfxp/ftpfxptls.rb', line 233

def fxpsscnto(dst, dstpath, srcpath)
  if not @secure_on
    voidcmd('PROT P')
    @secure_on = true
  end

  fxpsscnoff # We are the server side.
  dst.fxpsscnon # They are the client side.
  pline = fxpgetpasvport
  comp = pline.split(/\s+/)
  ports = String.new(comp[4].gsub('(', '').gsub(')', ''))
  dst.fxpsetport(ports)
  dst.fxpstor(dstpath)
  fxpretr(srcpath)
  resp = fxpwait
  raise FTPFXPTLSSrcSiteError unless '226' == resp[0,3]
  resp = dst.fxpwait
  raise FTPFXPTLSDstSiteError unless '226' == resp[0,3]
  return resp
end

#fxpto(dst, dstpath, srcpath) ⇒ Object

Do not call this method if you’re using SSCN. This method uses CPSV. This raises an exception FTPFXPTLSSrcSiteError if errored on source site and raises an exception FTPFXPTLSDstSiteError if errored on destination site.

Raises:

• (FTPFXPTLSSrcSiteError)

# File 'lib/ftpfxp/ftpfxptls.rb', line 208

def fxpto(dst, dstpath, srcpath)
  if not @secure_on
    voidcmd('PROT P')
    @secure_on = true
  end

  pline = fxpgetcpsvport
  comp = pline.split(/\s+/)
  ports = String.new(comp[4].gsub('(', '').gsub(')', ''))
  dst.fxpsetport(ports)
  dst.fxpstor(dstpath)
  fxpretr(srcpath)
  resp = fxpwait
  raise FTPFXPTLSSrcSiteError unless '226' == resp[0,3]
  resp = dst.fxpwait
  raise FTPFXPTLSDstSiteError unless '226' == resp[0,3]
  return resp
end

#login(user = "anonymous", passwd = nil, mode = 0, acct = nil) ⇒ Object

This method authenticates a user with the ftp server connection. If no username given, defaults to anonymous. If no mode given, defaults to TLS AUTH.

• mode = 0 for TLS (default)

• mode = 1 for SSL

# File 'lib/ftpfxp/ftpfxptls.rb', line 71

def login(user = "anonymous", passwd = nil, mode = 0, acct = nil)
  # SSL/TLS context.
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
  ctx.key = nil
  ctx.cert = nil
  if 1 == mode
    voidcmd('AUTH SSL')
  else
    voidcmd('AUTH TLS')
  end
  @sock = OpenSSL::SSL::SSLSocket.new(@sock, ctx)
  @sock.connect

  print "get: #{@sock.peer_cert.to_text}" if @debug_mode

  # Call the original login method.
  super(user, passwd, acct)

  # Protection buffer size must be set to 0 since FTP-TLS does
  # not require this, but it still must be set.
  voidcmd('PBSZ 0')

  # Set to P since we're using TLS.
  voidcmd('PROT P')
  @secure_on = true
end