RSi nddlZddlmZddlmZddlmZddlmZddl m Z dgZ Gd de eZ dS) N)SSL) FTPHandler)logger)TLS_DTPHandler)SSLConnectionMixinTLS_FTPHandlerc eZdZdZdZdZdZdZej Z ej ej zZ eedr e ejzZ dZeZejZeeddddeddddedddd d dfd Zd Zed ZdZdZfdZdZdZ dZ!dZ"dZ#xZ$S)r aA FTPHandler subclass supporting TLS/SSL. Implements AUTH, PBSZ and PROT commands (RFC-2228 and RFC-4217). Configurable attributes: - (bool) tls_control_required: When True requires SSL/TLS to be established on the control channel, before logging in. This means the user will have to issue AUTH before USER/PASS (default False). - (bool) tls_data_required: When True requires SSL/TLS to be established on the data channel. This means the user will have to issue PROT before PASV or PORT (default False). SSL-specific options: - (string) certfile: the path to the file which contains a certificate to be used to identify the local side of the connection. This must always be specified, unless context is provided instead. - (string) keyfile: the path to the file containing the private RSA key; can be omitted if certfile already contains the private key (defaults: None). - (int) ssl_protocol: the desired SSL protocol version to use. This defaults to TLS_SERVER_METHOD, which includes TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. The actual protocol version used will be negotiated to the highest version mutually supported by the client and the server. - (int) ssl_options: specific OpenSSL options. These default to: SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_NO_COMPRESSION ...which are all considered insecure features. Can be set to None in order to improve compatibility with older (insecure) FTP clients. - (instance) ssl_context: a SSL Context object previously configured; if specified all other parameters will be ignored. (default None). FNOP_NO_COMPRESSIONTz:Syntax: AUTH TLS|SSL (set up secure control channel).)permautharghelpz+Syntax: PBSZ 0 (negotiate TLS buffer).z8Syntax: PROT [C|P] (set up un/secure data channel).)AUTHPBSZPROTct||||jsdSgd|_d|_d|_||_dS)N)zAUTH TLSzAUTH SSLrrF)super__init__ connected _extra_feats_pbsz_protget_ssl_context ssl_context)selfconnserverioloop __class__s S/home/jrussi/.local/lib/python3.11/site-packages/pyftpdlib/handlers/ftps/control.pyrzTLS_FTPHandler.__init__ksd vv...~  FDDD  //11c*tj|SN)r__repr__rs r!r%zTLS_FTPHandler.__repr__ts"4(((r"c|j|jtdtj|j|_|js |j|_|j|jfD]:}tj |js|d}t|;|j |j|j |j|j r|j|j |jS)Nz#at least certfile must be specifiedz does not exist)rcertfile ValueErrorrContext ssl_protocolkeyfileospathisfileFileNotFoundErroruse_certificate_chain_fileuse_privatekey_file ssl_options set_options)clsfilemsgs r!rzTLS_FTPHandler.get_ssl_contextws ? "|# !FGGG!k#*:;;CO; +!l s{3 1 1w~~cl331!444C+C0001 O 6 6s| D D D O / / < < < =++CO<<<r"cJtj|d|_d|_dS)NF)r flush_accountrrr&s r!r9zTLS_FTPHandler.flush_accounts% &&&  r"cd|dvrI|jrA|js:d}|d|z|||dd|dSnL|dvrH|jrA|js:d}|d|z|||dd|dSt j||g|Ri|dS)N)USERPASSz(SSL/TLS required on the control channel.z550 ri&)PASVEPSVPORTEPRTz%SSL/TLS required on the data channel.)tls_control_required_ssl_establishedrespondlog_cmdtls_data_requiredrrprocess_command)rcmdargskwargsr7s r!rFzTLS_FTPHandler.process_commands " " "( 1F @ Vc\*** S$q'3444 4 4 4% dj = Vc\*** S$q'3444"4>t>>>v>>>>>r"c|jr*tjd|dSt dS)zfCalled when client does not send any command within the time specified in attribute.zSSL handshake timeoutN)_ssl_acceptingrinfocloserhandle_timeout)rr s r!rNzTLS_FTPHandler.handle_timeoutsN   % K/ 0 0 0 JJLLLLL GG " " $ $ $ $ $r"cVtj|tj|dSr$)rrMrr&s r!rMzTLS_FTPHandler.closes* &&&r"cX|d|dS)NzSSL handshake failed.)logrMr&s r!handle_failed_ssl_handshakez*TLS_FTPHandler.handle_failed_ssl_handshakes( ())) r"c6|}t|jtjr|ddS|dvr5|d|d||jdS|ddS)zSet up secure control channel.z503 Already using TLS.)TLSzTLS-CrzTLS-Pz 234 AUTH z successful.z2502 Unrecognized encryption type (use TLS or SSL).N)upper isinstancesocketr ConnectionrCsecure_connectionrrliners r!ftp_AUTHzTLS_FTPHandler.ftp_AUTHsjjll dk3> 2 2 O LL1 2 2 2 2 2 4 4 4 LL6S666 7 7 7  " "4#3 4 4 4 4 4 LLM N N N N Nr"ct|jtjs|ddS|dd|_dS)zNegotiate size of buffer for secure data transfer. For TLS/SSL the only valid value for the parameter is '0'. Any other value is accepted but ignored. z4503 PBSZ not allowed on insecure control connection.z200 PBSZ=0 successful.TN)rVrWrrXrCr)rr[s r!ftp_PBSZzTLS_FTPHandler.ftp_PBSZs] $+s~66  LLF      LL1 2 2 2DJJJr"c|}t|jtjs|dd S|js|dd S|dkr|dd|_d S|dkr|dd|_d S|d vr|d |d d S|d d S)zSetup un/secure data channel.z4503 PROT not allowed on insecure control connection.z2503 You must issue the PBSZ command prior to PROT.Cz200 Protection set to ClearFPz200 Protection set to PrivateT)SEz 521 PROT z unsupported (use C or P).z(502 Unrecognized PROT type (use C or P).N)rUrVrWrrXrCrrrZs r!ftp_PROTzTLS_FTPHandler.ftp_PROTsjjll$+s~66 E LLF      E LLM N N N N N CZZ LL6 7 7 7DJJJ CZZ LL8 9 9 9DJJJ J   LLDSDDD E E E E E LLC D D D D Dr"r$)%__name__ __module__ __qualname____doc__rArEr(r,rTLS_SERVER_METHODr+ OP_NO_SSLv2 OP_NO_SSLv3r3hasattrr rr dtp_handlerr proto_cmdscopyupdatedictrr% classmethodrr9rFrNrMrRr\r^rd __classcell__)r s@r!r r s..b!HG(L /CO3Kws'((-s,, K!K&++--JM    >    K    *222222)))[0 ? ? ?%%%%%  O O O   EEEEEEEr") r-OpenSSLrpyftpdlib.handlers.ftp.controlr pyftpdlib.logrdatarsslr__all__r r"r!r{s  555555 ######  WEWEWEWEWE'WEWEWEWEWEr"