third_party/pyftpdlib/doc/tutorial.html - Issue 16429: python based ftp server

Unified Diff: third_party/pyftpdlib/doc/tutorial.html

Issue 16429: python based ftp server (Closed) Base URL: http://src.chromium.org/svn/trunk/src/

Patch Set: '' Created 12 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Index: third_party/pyftpdlib/doc/tutorial.html

===================================================================

--- third_party/pyftpdlib/doc/tutorial.html (revision 0)

+++ third_party/pyftpdlib/doc/tutorial.html (revision 0)

@@ -0,0 +1,329 @@

+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

+<html xmlns="http://www.w3.org/1999/xhtml">

+<head>

+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

+<title>pyftpdlib Tutorial</title>

+</head>

+<body>

+<div id="wikicontent">

+ <h1><a name="1.0_-_Introduction" id="1.0_-_Introduction">1.0 - Introduction</a></h1>

+ <a name="1.0_-_Introduction" id="1.0_-_Introduction">pyftpdlib implements the server side of the FTP protocol as defined in </a><a href="http://www.faqs.org/rfcs/rfc959.html" rel="nofollow">RFC-959</a>. pyftpdlib consist of a single file, ftpserver.py, which contains a hierarchy of classes, functions and variables which implement the backend functionality for the ftpd. This document is intended to serve as a simple API reference of most important classes and functions. Also included is an introduction to customization through the use of some example scripts.

+ If you have written a customized configuration you think could be useful to the community feel free to share it by adding a comment at the end of this document.

+ <h1><a name="2.0_-_API_reference" id="2.0_-_API_reference">2.0 - API reference</a></h1>

+ <a name="2.0_-_API_reference" id="2.0_-_API_reference">function ftpserver.log(msg) </a>

+ <blockquote><a name="2.0_-_API_reference" id="2.0_-_API_reference">Log messages intended for the end user. </a></blockquote>

+ <hr />

+ <a name="2.0_-_API_reference" id="2.0_-_API_reference">function ftpserver.logline(msg) </a>

+ <blockquote><a name="2.0_-_API_reference" id="2.0_-_API_reference">Log commands and responses passing through the command channel. </a></blockquote>

+ <hr />

+ <a name="2.0_-_API_reference" id="2.0_-_API_reference">function ftpserver.logerror(msg) </a>

+ <blockquote><a name="2.0_-_API_reference" id="2.0_-_API_reference">Log traceback outputs occurring in case of errors. </a></blockquote>

+ <hr />

+ <a name="2.0_-_API_reference" id="2.0_-_API_reference">class ftpserver.AuthorizerError</a><a href="http://code.google.com/p/pyftpdlib/w/edit/AuthorizerError">?</a>()

+ <blockquote>Base class for authorizers exceptions. </blockquote>

+ <hr />

+ class ftpserver.DummyAuthorizer<a href="http://code.google.com/p/pyftpdlib/w/edit/DummyAuthorizer">?</a>()

+ <blockquote>Basic "dummy" authorizer class, suitable for subclassing to create your own custom authorizers. An "authorizer" is a class handling authentications and permissions of the FTP server. It is used inside FTPHandler class for verifying user's password, getting users home directory, checking user permissions when a filesystem read/write event occurs and changing user before accessing the filesystem. DummyAuthorizer is the base authorizer, providing a platform independent interface for managing "virtual" FTP users. Typically the first thing you have to do is create an instance of this class and start adding ftp users: </blockquote>

+ <pre>>>> from pyftpdlib import ftpserver >>> authorizer = ftpserver.DummyAuthorizer() >>> authorizer.add_user('user', 'password', '/home/user', perm='elradfmw') >>> authorizer.add_anonymous('/home/nobody')</pre>

+ <ul>

+ <li>add_user(username, password, homedir[, perm="elr"[, msg_login="Login successful."[, msg_quit="Goodbye."]]]) </li>

+ <ul>

+ <li>Add a user to the virtual users table. AuthorizerError exceptions raised on error conditions such as insufficient permissions or duplicate usernames. Optional perm argument is a set of letters referencing the user's permissions (see the permission table shown below). Optional msg_login and msg_quit arguments can be specified to provide customized response strings when user log-in and quit. The perm argument of the add_user() method refers to user's permissions. Every letter is used to indicate that the access rights the current FTP user has over the following specific actions are granted. </li>

+ </ul>

+ <blockquote>Read permissions:

+ <ul>

+ <li>"e" = change directory (CWD command) </li>

+ <li>"l" = list files (LIST, NLST, MLSD commands) </li>

+ <li>"r" = retrieve file from the server (RETR command) </li>

+ </ul>

+ Write permissions

+ <ul>

+ <li>"a" = append data to an existing file (APPE command) </li>

+ <li>"d" = delete file or directory (DELE, RMD commands) </li>

+ <li>"f" = rename file or directory (RNFR, RNTO commands) </li>

+ <li>"m" = create directory (MKD command) </li>

+ <li>"w" = store a file to the server (STOR, STOU commands) </li>

+ </ul>

+ </blockquote>

+ <ul>

+ <li>add_anonymous(homedir[, **kwargs]) </li>

+ <ul>

+ <li>Add an anonymous user to the virtual users table. AuthorizerError exception raised on error conditions such as insufficient permissions, missing home directory, or duplicate anonymous users. The keyword arguments in kwargs are the same expected by add_user() method: perm, msg_login and msg_quit. The optional perm keyword argument is a string defaulting to "elr" referencing "read-only" anonymous user's permission. Using a "write" value results in a RuntimeWarning. </li>

+ </ul>

+ <ul>

+ <li>override_perm(directory, perm[, recursive=False]) </li>

+ <ul>

+ <li>Override permissions for a given directory. New in 0.5.0 </li>

+ </ul>

+ <ul>

+ <li>validate_authentication(username, password) </li>

+ <ul>

+ <li>Return True if the supplied username and password match the stored credentials. </li>

+ </ul>

+ <ul>

+ <li>impersonate_user(username, password) </li>

+ <ul>

+ <li>Impersonate another user (noop). It is always called before accessing the filesystem. By default it does nothing. The subclass overriding this method is expected to provide a mechanism to change the current user. New in 0.4.0 </li>

+ </ul>

+ <ul>

+ <li>terminate_impersonation(username, password) </li>

+ <ul>

+ <li>Terminate impersonation (noop). It is always called after having accessed the filesystem. By default it does nothing. The subclass overriding this method is expected to provide a mechanism to switch back to the original user. New in 0.4.0 </li>

+ </ul>

+ <ul>

+ <li>remove_user(username) </li>

+ <ul>

+ <li>Remove a user from the virtual user table. </li>

+ </ul>

+ <hr />

+ class ftpserver.FTPHandler(conn, server)

+ <blockquote>This class implements the FTP server Protocol Interpreter (see <a href="http://www.faqs.org/rfcs/rfc959.html" rel="nofollow">RFC-959</a>), handling commands received from the client on the control channel by calling the command's corresponding method (e.g. for received command "MKD pathname", ftp_MKD() method is called with pathname as the argument). All relevant session information are stored in instance variables. </blockquote>

+ <blockquote>conn is the underlying socket object instance of the newly established connection, server is the FTPServer class instance. Basic usage simply requires creating an instance of FTPHandler class and specify which authorizer instance it will going to use: </blockquote>

+ <pre>>>> ftp_handler = ftpserver.FTPHandler >>> ftp_handler.authorizer = authorizer</pre>

+ <blockquote>All relevant session information is stored in class attributes reproduced below and can be modified before instantiating this class: </blockquote>

+ <ul>

+ <li>timeout </li>

+ <ul>

+ <li>The timeout which is the maximum time a remote client may spend between FTP commands. If the timeout triggers, the remote client will be kicked off (defaults to 300 seconds). New in 5.0 </li>

+ </ul>

+ <ul>

+ <li>banner </li>

+ <ul>

+ <li>String sent when client connects (default "pyftpdlib %s ready." %__ver__). </li>

+ </ul>

+ <ul>

+ <li>max_login_attempts </li>

+ <ul>

+ <li>Maximum number of wrong authentications before disconnecting (default 3). </li>

+ </ul>

+ <ul>

+ <li>permit_foreign_addresses </li>

+ <ul>

+ <li>Wether enable <a href="http://www.proftpd.org/docs/howto/FXP.html" rel="nofollow">FXP</a> feature (default False). </li>

+ </ul>

+ <ul>

+ <li>permit_privileged_ports </li>

+ <ul>

+ <li>Set to True if you want to permit active connections (PORT) over privileged ports (not recommended, default False). </li>

+ </ul>

+ <ul>

+ <li>masquerade_address </li>

+ <ul>

+ <li>The "masqueraded" IP address to provide along PASV reply when pyftpdlib is running behind a NAT or other types of gateways. When configured pyftpdlib will hide its local address and instead use the public address of your NAT (default None). </li>

+ </ul>

+ <ul>

+ <li>passive_ports </li>

+ <ul>

+ <li>What ports ftpd will use for its passive data transfers. Value expected is a list of integers (e.g. range(60000, 65535)). When configured pyftpdlib will no longer use kernel-assigned random ports (default None). </li>

+ </ul>

+ <hr />

+ class ftpserver.DTPHandler(sock_obj, cmd_channel)

+ <blockquote>This class handles the server-data-transfer-process (server-DTP, see <a href="http://www.faqs.org/rfcs/rfc959.html" rel="nofollow">RFC-959</a>) managing all transfer operations regarding the data channel. </blockquote>

+ <blockquote>sock_obj is the underlying socket object instance of the newly established connection, cmd_channel is the FTPHandler class instance. Unless you want to add extra functionalities like bandwidth throttling you shouldn't be interested in putting hands on this class. </blockquote>

+ <ul>

+ <li>timeout </li>

+ <ul>

+ <li>The timeout which roughly is the maximum time we permit data transfers to stall for with no progress. If the timeout triggers, the remote client will be kicked off. New in 5.0 </li>

+ </ul>

+ <ul>

+ <li>cmd_channel </li>

+ <ul>

+ <li>The command channel class instance. </li>

+ </ul>

+ <ul>

+ <li>file_obj </li>

+ <ul>

+ <li>The file transferred (if any). </li>

+ </ul>

+ <ul>

+ <li>receive </li>

+ <ul>

+ <li>True if channel is used for receiving data. </li>

+ </ul>

+ <ul>

+ <li>transfer_finished </li>

+ <ul>

+ <li>True if transfer completed successfully. </li>

+ </ul>

+ <ul>

+ <li>get_transmitted_bytes() </li>

+ <ul>

+ <li>Return the number of transmitted bytes. </li>

+ </ul>

+ <ul>

+ <li>transfer_in_progress() </li>

+ <ul>

+ <li>Return True if a transfer is in progress. </li>

+ </ul>

+ <ul>

+ <li>enable_receiving(type) </li>

+ <ul>

+ <li>Enable receiving of data over the channel. Depending on the type currently in use it creates an appropriate wrapper for the incoming data. </li>

+ </ul>

+ <ul>

+ <li>push(data) </li>

+ <ul>

+ <li>Push a bufferable data object (e.g. a string) onto the deque and initiate send. </li>

+ </ul>

+ <ul>

+ <li>push_with_producer(producer) </li>

+ <ul>

+ <li>Push data using a producer and initiate send. </li>

+ </ul>

+ <hr />

+ class ftpserver.FTPServer(address, handler)

+ <blockquote>This class is an asyncore.dispatcher subclass. It creates a FTP socket listening on address (a tuple containing the ip:port pair), dispatching the requests to a "handler" (typically FTPHandler class object). It is typically used for starting asyncore polling loop: </blockquote>

+ <pre>>>> address = ('127.0.0.1', 21) >>> ftpd = ftpserver.FTPServer(address, ftp_handler) >>> ftpd.serve_forever()</pre>

+ <ul>

+ <li>max_cons </li>

+ <ul>

+ <li>Number of maximum simultaneous connections accepted (default 0 == no limit). </li>

+ </ul>

+ <ul>

+ <li>max_cons_per_ip </li>

+ <ul>

+ <li>Number of maximum connections accepted for the same IP address (default 0 == no limit). </li>

+ </ul>

+ <ul>

+ <li>serve_forever([timeout=1[, use_poll=False[, map=None[, count=None]]]) </li>

+ <ul>

+ <li>A wrap around asyncore.loop(); starts the asyncore polling loop including running the scheduler. The arguments are the same expected by original asyncore.loop() function. </li>

+ </ul>

+ <ul>

+ <li>close() </li>

+ <ul>

+ <li>Stop serving without disconnecting currently connected clients. </li>

+ </ul>

+ <ul>

+ <li>close_all([map=None[, ignore_all=False]]) </li>

+ <ul>

+ <li>Stop serving disconnecting also the currently connected clients. The map parameter is a dictionary whose items are the channels to close. If map is omitted, the default asyncore.socket_map is used. Having ignore_all parameter set to False results in raising exception in case of unexpected errors. </li>

+ </ul>

+ <hr />

+ class ftpserver.AbstractedFS()

+ <blockquote>A class used to interact with the file system, providing a high level, cross-platform interface compatible with both Windows and UNIX style filesystems. It provides some utility methods to operate on pathnames and the wraps around the common calls to interact with the filesystem (e.g. open(), os.mkdir(), os.listdir(), etc...). These latter ones are not reproduced below (see the source instead). </blockquote>

+ <ul>

+ <li>root </li>

+ <ul>

+ <li>User's home directory ("real"). </li>

+ </ul>

+ <ul>

+ <li>cwd </li>

+ <ul>

+ <li>User's current working directory ("virtual"). </li>

+ </ul>

+ <ul>

+ <li>ftpnorm(ftppath) </li>

+ <ul>

+ <li>Normalize a "virtual" ftp pathname depending on the current working directory (e.g. having "/foo" as current working directory "x" becomes "/foo/x"). New in 3.0 </li>

+ </ul>

+ <ul>

+ <li>ftp2fs(ftppath) </li>

+ <ul>

+ <li>Translate a "virtual" ftp pathname into equivalent absolute "real" filesystem pathname (e.g. having "/home/user" as root directory "x" becomes "/home/user/x"). New in 3.0 </li>

+ </ul>

+ <ul>

+ <li>fs2ftp(fspath) </li>

+ <ul>

+ <li>Translate a "real" filesystem pathname into equivalent absolute "virtual" ftp pathname depending on the user's root directory (e.g. having "/home/user" as root directory "/home/user/x" becomes "/x". New in 3.0 </li>

+ </ul>

+ <ul>

+ <li>validpath(path) </li>

+ <ul>

+ <li>Check whether the path belongs to user's home directory. Expected argument is a "real" filesystem path. If path is a symbolic link it is resolved to check its real destination. Pathnames escaping from user's root directory are considered not valid (return False). </li>

+ </ul>

+ <hr />

+ class ftpserver.CallLater<a href="http://code.google.com/p/pyftpdlib/w/edit/CallLater">?</a>(seconds, target [, *args [, **kwargs]])

+ <blockquote>Calls a function at a later time. It can be used to asynchronously schedule a call within the polling loop without blocking it. The instance returned is an object that can be used to cancel or reschedule the call. New in 0.5.0 </blockquote>

+ <ul>

+ <li>cancelled </li>

+ <ul>

+ <li>Whether the call has been cancelled. </li>

+ </ul>

+ <ul>

+ <li>reset() </li>

+ <ul>

+ <li>Reschedule the call resetting the current countdown. </li>

+ </ul>

+ <ul>

+ <li>delay(seconds) </li>

+ <ul>

+ <li>Reschedule the call for a later time. </li>

+ </ul>

+ <ul>

+ <li>cancel() </li>

+ <ul>

+ <li>Unschedule the call. </li>

+ </ul>

+ <h1></h1>

+ <h1><a name="3.0_-_Customizing_your_FTP_server" id="3.0_-_Customizing_your_FTP_server">3.0 - Customizing your FTP server</a></h1>

+ <a name="3.0_-_Customizing_your_FTP_server" id="3.0_-_Customizing_your_FTP_server">Below is a set of example scripts showing some of the possible customizations that can be done with pyftpdlib. Some of them are included in demo directory of pyftpdlib source distribution. </a>

+ <h3><a name="3.1_-_Building_a_Base_FTP_server" id="3.1_-_Building_a_Base_FTP_server">3.1 - Building a Base FTP server</a></h3>

+ <a name="3.1_-_Building_a_Base_FTP_server" id="3.1_-_Building_a_Base_FTP_server">The script below is a basic configuration, and it's probably the best starting point for understanding how things work. It uses the base DummyAuthorizer for adding a bunch of "virtual" users. </a>

+ <a name="3.1_-_Building_a_Base_FTP_server" id="3.1_-_Building_a_Base_FTP_server">It also sets a limit for connections by overriding FTPServer.max_cons and FTPServer.max_cons_per_ip attributes which are intended to set limits for maximum connections to handle simultaneously and maximum connections from the same IP address. Overriding these variables is always a good idea (they default to 0, or "no limit") since they are a good workaround for avoiding DoS attacks. </a>

+ <pre><a name="3.1_-_Building_a_Base_FTP_server" id="3.1_-_Building_a_Base_FTP_server">#!/usr/bin/env python # basic_ftpd.py """A basic FTP server which uses a DummyAuthorizer for managing 'virtual users', setting a limit for incoming connections. """ import os from pyftpdlib import ftpserver if __name__ == "__main__": # Instantiate a dummy authorizer for managing 'virtual' users authorizer = ftpserver.DummyAuthorizer() # Define a new user having full r/w permissions and a read-only # anonymous user authorizer.add_user('user', '12345', os.getcwd(), perm='elradfmw') authorizer.add_anonymous(os.getcwd()) # Instantiate FTP handler class ftp_handler = ftpserver.FTPHandler ftp_handler.authorizer = authorizer # Define a customized banner (string returned when client connects) ftp_handler.banner = "pyftpdlib %s based ftpd ready." %ftpserver.__ver__ # Specify a masquerade address and the range of ports to use for # passive connections. Decomment in case you're behind a NAT. #ftp_handler.masquerade_address = '151.25.42.11' #ftp_handler.passive_ports = range(60000, 65535) # Instantiate FTP server class and listen to 0.0.0.0:21 address = ('', 21) ftpd = ftpserver.FTPServer(address, ftp_handler) # set a limit for connections ftpd.max_cons = 256 ftpd.max_cons_per_ip = 5 # start ftp server ftpd.serve_forever()</a></pre>

+ <h3><a name="3.2_-_Logging_management" id="3.2_-_Logging_management">3.2 - Logging management</a></h3>

+ <a name="3.2_-_Logging_management" id="3.2_-_Logging_management">As mentioned, ftpserver.py comes with 3 different functions intended for a separate logging system: log(), logline() and logerror(). Let's suppose you don't want to print FTPd messages on screen but you want to write them into different files: "/var/log/ftpd.log" will be main log file, "/var/log/ftpd.lines.log" the one where you'll want to store commands and responses passing through the control connection. </a>

+ <a name="3.2_-_Logging_management" id="3.2_-_Logging_management">Here's one method this could be implemented: </a>

+ <pre><a name="3.2_-_Logging_management" id="3.2_-_Logging_management">#!/usr/bin/env python # logging_management.py import os import time from pyftpdlib import ftpserver now = lambda: time.strftime("[%Y-%b-%d %H:%M:%S]") def standard_logger(msg): f1.write("%s %s\n" %(now(), msg)) def line_logger(msg): f2.write("%s %s\n" %(now(), msg)) if __name__ == "__main__": f1 = open('ftpd.log', 'a') f2 = open('ftpd.lines.log', 'a') ftpserver.log = standard_logger ftpserver.logline = line_logger authorizer = ftpserver.DummyAuthorizer() authorizer.add_anonymous(os.getcwd()) ftp_handler = ftpserver.FTPHandler ftp_handler.authorizer = authorizer address = ('', 21) ftpd = ftpserver.FTPServer(address, ftp_handler) ftpd.serve_forever()</a></pre>

+ <h3><a name="3.3_-_Storing_passwords_as_hash_digests" id="3.3_-_Storing_passwords_as_hash_digests">3.3 - Storing passwords as hash digests</a></h3>

+ <a name="3.3_-_Storing_passwords_as_hash_digests" id="3.3_-_Storing_passwords_as_hash_digests">Using FTP server library with the default DummyAuthorizer means that password will be stored in clear-text. An end-user ftpd using the default dummy authorizer would typically require a configuration file for authenticating users and their passwords but storing clear-text passwords is of course undesirable. </a>

+ <a name="3.3_-_Storing_passwords_as_hash_digests" id="3.3_-_Storing_passwords_as_hash_digests">The most common way to do things in such case would be first creating new users and then storing their usernames + passwords as hash digests into a file or wherever you find it convenient. </a>

+ <a name="3.3_-_Storing_passwords_as_hash_digests" id="3.3_-_Storing_passwords_as_hash_digests">The example below shows how to easily create an encrypted account storage system by storing passwords as one-way hashes by using md5 algorithm. This could be easily done by using the md5 module included with Python stdlib and by sub-classing the original DummyAuthorizer class overriding its validate_authentication() method: </a>

+ <pre><a name="3.3_-_Storing_passwords_as_hash_digests" id="3.3_-_Storing_passwords_as_hash_digests">#!/usr/bin/env python # md5_ftpd.py """A basic ftpd storing passwords as hash digests (platform independent). """ import md5 import os from pyftpdlib import ftpserver class DummyMD5Authorizer(ftpserver.DummyAuthorizer): def validate_authentication(self, username, password): hash = md5.new(password).hexdigest() return self.user_table[username]['pwd'] == hash if __name__ == "__main__": # get a hash digest from a clear-text password hash = md5.new('12345').hexdigest() authorizer = DummyMD5Authorizer() authorizer.add_user('user', hash, os.getcwd(), perm='elradfmw') authorizer.add_anonymous(os.getcwd()) ftp_handler = ftpserver.FTPHandler ftp_handler.authorizer = authorizer address = ('', 21) ftpd = ftpserver.FTPServer(address, ftp_handler) ftpd.serve_forever()</a></pre>

+ <h3><a name="3.4_-_Unix_FTP_Server" id="3.4_-_Unix_FTP_Server">3.4 - Unix FTP Server</a></h3>

+ <a name="3.4_-_Unix_FTP_Server" id="3.4_-_Unix_FTP_Server">If you're running a Unix system you may want to configure your ftpd to include support for "real" users existing on the system. </a>

+ <a name="3.4_-_Unix_FTP_Server" id="3.4_-_Unix_FTP_Server">The example below shows how to use </a><a href="http://docs.python.org/lib/module-pwd.html" rel="nofollow">pwd</a> and <a href="http://docs.python.org/lib/module-spwd.html" rel="nofollow">spwd</a> modules available in Python 2.5 or greater (UNIX systems only) to interact with UNIX user account and shadow passwords database and also to automatically get the user's home directory.

+ impersonate_user() and terminate_impersonation() methods of the dummy authorizer are overridden to provide the proper mechanism to reflect the current logged-in user every time he's going to access the filesystem.

+ Note that the users you're going to add through the add_user method must already exist on the system.

+ <pre>#!/usr/bin/env python # unix_ftpd.py """A ftpd using local unix account database to authenticate users (users must already exist). It also provides a mechanism to (temporarily) impersonate the system users every time they are going to perform filesystem operations. """ import os import pwd, spwd, crypt from pyftpdlib import ftpserver class UnixAuthorizer(ftpserver.DummyAuthorizer): # the uid/gid the daemon runs under PROCESS_UID = os.getuid() PROCESS_GID = os.getgid() def add_user(self, username, homedir=None, **kwargs): """Add a "real" system user to the virtual users table. If no home argument is specified the user's home directory will be used. The keyword arguments in kwargs are the same expected by the original add_user method: "perm", "msg_login" and "msg_quit". """ # get the list of all available users on the system and check # if provided username exists users = [entry.pw_name for entry in pwd.getpwall()] if not username in users: raise ftpserver.AuthorizerError('No such user "%s".' %username) if not homedir: homedir = pwd.getpwnam(username).pw_dir ftpserver.DummyAuthorizer.add_user(self, username, '', homedir,**kwargs) def add_anonymous(self, homedir=None, realuser="nobody", **kwargs): """Add an anonymous user to the virtual users table. If no homedir argument is specified the realuser's home directory will possibly be determined and used. realuser argument specifies the system user to use for managing anonymous sessions. On many UNIX systems "nobody" is tipically used but it may change (e.g. "ftp"). """ users = [entry.pw_name for entry in pwd.getpwall()] if not realuser in users: raise ftpserver.AuthorizerError('No such user "%s".' %realuser) if not homedir: homedir = pwd.getpwnam(realuser).pw_dir ftpserver.DummyAuthorizer.add_anonymous(self, homedir, **kwargs) self.anon_user = realuser def validate_authentication(self, username, password): if (username == "anonymous") and self.has_user('anonymous'): username = self.anon_user pw1 = spwd.getspnam(username).sp_pwd pw2 = crypt.crypt(password, pw1) return pw1 == pw2 def impersonate_user(self, username, password): if (username == "anonymous") and self.has_user('anonymous'): username = self.anon_user uid = pwd.getpwnam(username).pw_uid gid = pwd.getpwnam(username).pw_gid os.setegid(gid) os.seteuid(uid) def terminate_impersonation(self): os.setegid(self.PROCESS_GID) os.seteuid(self.PROCESS_UID) if __name__ == "__main__": authorizer = UnixAuthorizer() # add a user (note: user must already exists) authorizer.add_user('user', perm='elradfmw') authorizer.add_anonymous(os.getcwd()) ftp_handler = ftpserver.FTPHandler ftp_handler.authorizer = authorizer address = ('', 21) ftpd = ftpserver.FTPServer(address, ftp_handler) ftpd.serve_forever()</pre>

+ <h3><a name="3.5_-_Windows_NT_FTP_Server" id="3.5_-_Windows_NT_FTP_Server">3.5 - Windows NT FTP Server</a></h3>

+ <a name="3.5_-_Windows_NT_FTP_Server" id="3.5_-_Windows_NT_FTP_Server">The following code shows how to implement a basic authorizer for a Windows NT workstation to authenticate against existing Windows user accounts. This code uses Mark Hammond's </a><a href="http://starship.python.net/crew/mhammond/win32/" rel="nofollow">pywin32</a> extension which is required to be installed previously.

+ Note that, as for UNIX authorizer, the users you're going to add through the add_user method must already exist on the system.

+ <pre>#!/usr/bin/env python # winnt_ftpd.py """A ftpd using local Windows NT account database to authenticate users (users must already exist). It also provides a mechanism to (temporarily) impersonate the system users every time they are going to perform filesystem operations. """ import os import win32security, win32net, pywintypes, win32con from pyftpdlib import ftpserver def get_profile_dir(username): """Return the user's profile directory.""" import _winreg, win32api sid = win32security.ConvertSidToStringSid( win32security.LookupAccountName(None, username)[0]) try: key = _winreg.OpenKey(_winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"+"\\"+sid) except WindowsError: raise ftpserver.AuthorizerError("No profile directory defined for %s " "user" %username) value = _winreg.QueryValueEx(key, "ProfileImagePath")[0] return win32api.ExpandEnvironmentStrings(value) class WinNtAuthorizer(ftpserver.DummyAuthorizer): def add_user(self, username, homedir=None, **kwargs): """Add a "real" system user to the virtual users table. If no homedir argument is specified the user's profile directory will possibly be determined and used. The keyword arguments in kwargs are the same expected by the original add_user method: "perm", "msg_login" and "msg_quit". """ # get the list of all available users on the system and check # if provided username exists users = [entry['name'] for entry in win32net.NetUserEnum(None, 0)[0]] if not username in users: raise ftpserver.AuthorizerError('No such user "%s".' %username) if not homedir: homedir = get_profile_dir(username) ftpserver.DummyAuthorizer.add_user(self, username, '', homedir, **kwargs) def add_anonymous(self, homedir=None, realuser="Guest", password="", **kwargs): """Add an anonymous user to the virtual users table. If no homedir argument is specified the realuser's profile directory will possibly be determined and used. realuser and password arguments are the credentials to use for managing anonymous sessions. The same behaviour is followed in IIS where the Guest account is used to do so (note: it must be enabled first). """ users = [entry['name'] for entry in win32net.NetUserEnum(None, 0)[0]] if not realuser in users: raise ftpserver.AuthorizerError('No such user "%s".' %realuser) if not homedir: homedir = get_profile_dir(realuser) # make sure provided credentials are valid, otherwise an exception # will be thrown; to do so we actually try to impersonate the user self.impersonate_user(realuser, password) self.terminate_impersonation() ftpserver.DummyAuthorizer.add_anonymous(self, homedir, **kwargs) self.anon_user = realuser self.anon_pwd = password def validate_authentication(self, username, password): if (username == "anonymous") and self.has_user('anonymous'): username = self.anon_user password = self.anon_pwd try: win32security.LogonUser(username, None, password, win32con.LOGON32_LOGON_INTERACTIVE, win32con.LOGON32_PROVIDER_DEFAULT) return True except pywintypes.error: return False def impersonate_user(self, username, password): if (username == "anonymous") and self.has_user('anonymous'): username = self.anon_user password = self.anon_pwd handler = win32security.LogonUser(username, None, password, win32con.LOGON32_LOGON_INTERACTIVE, win32con.LOGON32_PROVIDER_DEFAULT) win32security.ImpersonateLoggedOnUser(handler) handler.Close() def terminate_impersonation(self): win32security.RevertToSelf() if __name__ == "__main__": authorizer = WinNtAuthorizer() # add a user (note: user must already exists) authorizer.add_user('user', perm='elradfmw') # add an anonymous user using Guest account to handle the anonymous # sessions (note: Guest must be enabled first) authorizer.add_anonymous(os.getcwd()) ftp_handler = ftpserver.FTPHandler ftp_handler.authorizer = authorizer address = ('', 21) ftpd = ftpserver.FTPServer(address, ftp_handler) ftpd.serve_forever()

+</pre>

+</div>

+</body>

+</html>

« no previous file with comments | « third_party/pyftpdlib/doc/roadmap.lnk.html ('k') | third_party/pyftpdlib/pyftpdlib/__init__.py » ('j') | no next file with comments »