RFC compliance
This page documents FTPD's compliance (or lack of it) with the RFCs that define the FTP protocol.
This document is modeled after the equivalent page on the pyftpdlib wiki. pyftpdlib is what every FTP library wants to be when it grows up.
RFC-959 - File Transfer Protocol
- Issued: October 1985
- Status: STANDARD
- Obsoletes: RFC-765
- Updated by: RFC-1123 RFC-2228 RFC-2640 RFC-2773
Commands supported:
ABOR  No   ---    Abort transfer
ACCT  Yes  0.4.0  Specify user's account
ALLO  Yes  0.2.0  Allocate storage space
                  Treated as a NOOP
APPE  Yes  0.4.0  Append to file
CDUP  Yes  0.1.0  Change to parent directory
CWD   Yes  0.1.0  Change working directory
DELE  Yes  0.1.0  Delete file
HELP  Yes  0.2.2  Help
LIST  Yes  0.1.0  List directory
MKD   Yes  0.2.1  Make directory
MODE  Yes  0.1.0  Set transfer mode
                  "Stream" mode supported; "Block" and "Compressed" are not
NLST  Yes  0.1.0  Name list
NOOP  Yes  0.1.0  No Operation
PASS  Yes  0.1.0  Set user password
PASV  Yes  0.1.0  Set passive mode
PORT  Yes  0.1.0  Set active mode
PWD   Yes  0.1.0  Print working directory
QUIT  Yes  0.1.0  Quit session
REIN  No   ---    Reinitialize session
REST  No   ---    Restart transfer
RETR  Yes  0.1.0  Retrieve file
RMD   Yes  0.2.1  Remove directory
RNFR  Yes  0.2.1  Rename file (from)
RNTO  Yes  0.2.1  Rename file (to)
SITE  No   ---    Site specific commands
SMNT  No   ---    Structure Mount
STAT  Yes  0.5.0  Server status
STOR  Yes  0.1.0  Store file
STOU  Yes  0.2.2  Store with unique name
STRU  Yes  0.1.0  Set file structure
                  Supports "File" structure only. "Record" and "Page" are not supported
SYST  Yes  0.2.0  Get system type
                  Always returns "UNIX Type: L8"
TYPE  Yes  0.1.0  Set representation type
                  Supports ascii non-print and binary-non-print only
USER  Yes  0.1.0  Set user
RFC-1123 - Requirements for Internet Hosts
Extends and clarifies some aspects of RFC-959. Introduces new response codes 554 and 555.
- Issued: October 1989
- Status: STANDARD
The following compliance table is lifted out of the RFC and annotated with "C" where FTPD complies, or "E" where compliance is not required.
FEATURE |SECTION |MUST|SHOULD|MAY|SHOULD NOT|MUST NOT|Footnote
-------------------------------------------|---------------|-|-|-|-|-|--
Implement TYPE T if same as TYPE N |4.1.2.2 | |x| | | | C
File/Record transform invertible if poss. |4.1.2.4 | |x| | | | C
Server-FTP implement PASV |4.1.2.6 |x| | | | | C
PASV is per-transfer |4.1.2.6 |x| | | | | C
NLST reply usable in RETR cmds |4.1.2.7 |x| | | | | C
Implied type for LIST and NLST |4.1.2.7 | |x| | | | C
SITE cmd for non-standard features |4.1.2.8 | |x| | | | C
STOU cmd return pathname as specified |4.1.2.9 |x| | | | | C
Use TCP READ boundaries on control conn. |4.1.2.10 | | | | |x| C
Server-FTP send only correct reply format |4.1.2.11 |x| | | | | C
Server-FTP use defined reply code if poss. |4.1.2.11 | |x| | | | C
New reply code following Section 4.2 |4.1.2.11 | | |x| | | E
Default data port same IP addr as ctl conn |4.1.2.12 |x| | | | | C
Server-FTP handle Telnet options |4.1.2.12 |x| | | | | C
Handle "Experimental" directory cmds |4.1.3.1 | |x| | | | C
Idle timeout in server-FTP |4.1.3.2 | |x| | | | C
Configurable idle timeout |4.1.3.2 | |x| | | | C
Receiver checkpoint data at Restart Marker |4.1.3.4 | |x| | | | E
Sender assume 110 replies are synchronous |4.1.3.4 | | | | |x| E
| | | | | | | -
Support TYPE: | | | | | | | -
ASCII - Non-Print (AN) |4.1.2.13 |x| | | | | C
ASCII - Telnet (AT) -- if same as AN |4.1.2.2 | |x| | | | C
ASCII - Carriage Control (AC) |959 3.1.1.5.2 | | |x| | | E
EBCDIC - (any form) |959 3.1.1.2 | | |x| | | E
IMAGE |4.1.2.1 |x| | | | | C
LOCAL 8 |4.1.2.1 |x| | | | | C
LOCAL m |4.1.2.1 | | |x| | |2 E
| | | | | | | -
Support MODE: | | | | | | | -
Stream |4.1.2.13 |x| | | | | C
Block |959 3.4.2 | | |x| | | E
| | | | | | | -
Support STRUCTURE: | | | | | | | -
File |4.1.2.13 |x| | | | | C
Record |4.1.2.13 |x| | | | |3 E
Page |4.1.2.3 | | | |x| | E
| | | | | | | -
Support commands: | | | | | | | -
USER |4.1.2.13 |x| | | | | C
PASS |4.1.2.13 |x| | | | | C
ACCT |4.1.2.13 |x| | | | | C
CWD |4.1.2.13 |x| | | | | C
CDUP |4.1.2.13 |x| | | | | C
SMNT |959 5.3.1 | | |x| | | E
REIN |959 5.3.1 | | |x| | | E
QUIT |4.1.2.13 |x| | | | | C
| | | | | | | -
PORT |4.1.2.13 |x| | | | | C
PASV |4.1.2.6 |x| | | | | C
TYPE |4.1.2.13 |x| | | | |1 C
STRU |4.1.2.13 |x| | | | |1 C
MODE |4.1.2.13 |x| | | | |1 C
| | | | | | | -
RETR |4.1.2.13 |x| | | | | C
STOR |4.1.2.13 |x| | | | | C
STOU |959 5.3.1 | | |x| | | C
APPE |4.1.2.13 |x| | | | | C
ALLO |959 5.3.1 | | |x| | | C
REST |959 5.3.1 | | |x| | | E
RNFR |4.1.2.13 |x| | | | | C
RNTO |4.1.2.13 |x| | | | | C
ABOR |959 5.3.1 | | |x| | | E
DELE |4.1.2.13 |x| | | | | C
RMD |4.1.2.13 |x| | | | | C
MKD |4.1.2.13 |x| | | | | C
PWD |4.1.2.13 |x| | | | | C
LIST |4.1.2.13 |x| | | | | C
NLST |4.1.2.13 |x| | | | | C
SITE |4.1.2.8 | | |x| | | E
STAT |4.1.2.13 |x| | | | | C
SYST |4.1.2.13 |x| | | | | C
HELP |4.1.2.13 |x| | | | | C
NOOP |4.1.2.13 |x| | | | | C
Footnotes:
(1) For the values shown earlier.
(2) Here m is number of bits in a memory word.
(3) Required for host with record-structured file system, optional
otherwise.
RFC-2228 - FTP Security Extensions
Specifies several security extensions to the base FTP protocol defined in RFC-959. New commands: AUTH, ADAT, PROT, PBSZ, CCC, MIC, CONF, and ENC. New response codes: 232, 234, 235, 334, 335, 336, 431, 533, 534, 535, 536, 537, 631, 632, and 633.
AUTH  Yes  0.1.0  Authentication/Security Mechanism
ADAT  No   ---    Authentication/Security Data
PROT  Yes  0.1.0  Data Channel Protection Level
PBSZ  Yes  0.1.0  Protection Buffer Size
CCC   No   ---    Clear Command Channel
MIC   No   ---    Integrity Protect Command
CONF  No   ---    Confidentiality Protected Command
ENC   No   ---    Privacy Protected Command
RFC-2389 - Feature negotiation mechanism for the File Transfer Protocol
Introduces the new FEAT and OPTS commands.
- Issued: August 1998
- Status: PROPOSED STANDARD
FEAT  Yes  0.6.0  List new supported commands
OPTS  Yes  0.6.0  Set options for certain commands
RFC-2428 - FTP Extensions for IPv6 and NATs
Introduces the new commands EPRT and EPSV extending FTP to enable its use over various network protocols, and the new response codes 522 and 229.
- Issued: September 1998
- Status: PROPOSED STANDARD
EPRT  Yes  0.9.0  Set active data connection over IPv4 or IPv6
EPSV  Yes  0.9.0  Set passive data connection over IPv4 or IPv6
RFC-2577 - FTP Security Considerations
Provides several configuration and implementation suggestions to mitigate some security concerns, including limiting failed password attempts and third-party "proxy FTP" transfers, which can be used in "bounce attacks".
- Issued: May 1999
- Status: INFORMATIONAL
FTP bounce protection
Restrict PASV/PORT to non-priv. ports  Yes  0.5.0
Disconnect after so many wrong auths.  Yes  0.6.0
Delay on invalid password              Yes  0.6.0
Per-source IP limit                    Yes  0.6.0
Do not reject wrong usernames          Yes  0.1.0
Port stealing protection               Yes  0.1.0
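
Bounce protection and the non-privileged-port restriction both come down to checking the address and port a client supplies in PORT (RFC-959) or EPRT (RFC-2428) before the server connects out. The Ruby code below is an added example, not FTPD's own code: it assumes the usual approach of requiring the target address to equal the control connection's peer, and `check_data_target`, the two parser helpers and the result symbols are hypothetical names.

```ruby
require 'ipaddr'

# Added example. All names here are hypothetical, not FTPD's API.
MIN_UNPRIVILEGED_PORT = 1024

# PORT argument (RFC 959): "h1,h2,h3,h4,p1,p2", each field decimal 0..255.
def parse_port_arg(arg)
  fields = arg.split(',', -1)
  unless fields.size == 6 && fields.all? { |f| f.match?(/\A\d{1,3}\z/) && f.to_i <= 255 }
    raise ArgumentError, 'bad PORT argument'
  end
  octets = fields.map(&:to_i)
  [IPAddr.new(octets[0, 4].join('.')), octets[4] * 256 + octets[5]]
end

# EPRT argument (RFC 2428): "<d>proto<d>address<d>port<d>", proto 1=IPv4, 2=IPv6.
def parse_eprt_arg(arg)
  raise ArgumentError, 'bad EPRT delimiter' unless arg.match?(/\A[!-~]/)
  parts = arg.split(arg[0], -1)
  raise ArgumentError, 'bad EPRT argument' unless parts.size == 5 && parts[4].empty?
  _, proto, host, port = parts
  # Literal addresses only: no prefix length, brackets or zone id.
  raise ArgumentError, 'bad EPRT address' unless host.match?(/\A[0-9A-Fa-f:.]+\z/)
  raise ArgumentError, 'bad EPRT port' unless port.match?(/\A\d{1,5}\z/) && port.to_i <= 65_535
  addr = IPAddr.new(host)
  family_ok = (proto == '1' && addr.ipv4?) || (proto == '2' && addr.ipv6?)
  raise ArgumentError, 'protocol/address mismatch' unless family_ok
  [addr, port.to_i]
end

# Decide whether the server may open a data connection to the requested target.
# control_peer is the remote address of the control connection, as a string.
def check_data_target(command, arg, control_peer)
  addr, port = command == 'EPRT' ? parse_eprt_arg(arg) : parse_port_arg(arg)
  # Privileged ports are refused outright (RFC 2577 suggests reply 504).
  return [:reject, :privileged_port] if port < MIN_UNPRIVILEGED_PORT
  # Bounce protection: the target must be the client itself. native() maps
  # an IPv4-mapped IPv6 peer (dual-stack listener) back to plain IPv4.
  peer = IPAddr.new(control_peer).native
  return [:reject, :foreign_address] unless addr.native == peer
  [:ok, addr.to_s, port]
rescue ArgumentError
  [:reject, :malformed]
end
```

A caller would map `:privileged_port`, `:foreign_address` and `:malformed` to whatever reply codes the server uses and open the data connection only on `:ok`.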
RFC-2640 - Internationalization of the File Transfer Protocol
Extends the FTP protocol to support multiple character sets, in addition to the original 7-bit ASCII. Introduces the new LANG command.
- Issued: July 1999
- Status: PROPOSED STANDARD
LANG command  No  ---
UNICODE       No  ---
RFC-3659 - Extensions to FTP
Four new commands are added: "SIZE", "MDTM", "MLST", and "MLSD". The existing command "REST" is modified.
MDTM command     Yes  ---  Get file's last modification time
MLSD command     No   ---  Get directory list in a standardized form.
MLST command     No   ---  Get file information in a standardized form.
SIZE command     Yes  ---  Get file size.
TVSF mechanism   No   ---  Unix-like file system naming conventions
Min. MLST facts  No   ---
GMT timestamps   Yes  ---
RFC-4217 - Securing FTP with TLS
Describes how to use TLS as a security mechanism to secure FTP clients and/or servers.
AUTH  Yes  0.1.0  Authentication/Security Mechanism
CCC   No   ---    Clear Command Channel
PBSZ  Yes  0.1.0  Protection Buffer Size
PROT  Yes  0.1.0  Data Channel Protection Level.
                  Support only "Private" level