~launchpad-pqm/launchpad/devel

12392.7.13 by Julian Edwards
Move the new ftp code to its own file
1
# Copyright 2011 Canonical Ltd.  This software is licensed under the
2
# GNU Affero General Public License version 3 (see the file LICENSE).
3
4
"""Twisted FTP implementation of the Poppy upload server."""
5
6
__metaclass__ = type
7
__all__ = [
12392.7.14 by Julian Edwards
fix __all__
8
    'FTPRealm',
9
    'PoppyAnonymousShell',
12392.7.13 by Julian Edwards
Move the new ftp code to its own file
10
    ]
11
12
import logging
13
import os
14
import tempfile
15
12392.7.21 by Julian Edwards
move code out of the tac file and into twistedftp.py
16
from twisted.application import service, strports
12392.7.13 by Julian Edwards
Move the new ftp code to its own file
17
from twisted.cred import checkers, credentials
12392.7.21 by Julian Edwards
move code out of the tac file and into twistedftp.py
18
from twisted.cred.portal import IRealm, Portal
12392.7.13 by Julian Edwards
Move the new ftp code to its own file
19
from twisted.internet import defer
20
from twisted.protocols import ftp
21
from twisted.python import filepath
22
23
from zope.interface import implements
12392.8.1 by Julian Edwards
first stab at rejecting unsigned changes files - requires a patch to Twisted to return the error code properly
24
from zope.component import getUtility
25
26
from canonical.launchpad.interfaces.gpghandler import (
27
    GPGVerificationError,
12919.6.6 by Ian Booth
Use single gpghandler implementation
28
    IGPGHandler,
12392.8.1 by Julian Edwards
first stab at rejecting unsigned changes files - requires a patch to Twisted to return the error code properly
29
    )
12392.7.13 by Julian Edwards
Move the new ftp code to its own file
30
12392.7.21 by Julian Edwards
move code out of the tac file and into twistedftp.py
31
from canonical.config import config
32
from lp.poppy import get_poppy_root
12392.7.13 by Julian Edwards
Move the new ftp code to its own file
33
from lp.poppy.filesystem import UploadFileSystem
34
from lp.poppy.hooks import Hooks
12392.8.1 by Julian Edwards
first stab at rejecting unsigned changes files - requires a patch to Twisted to return the error code properly
35
from lp.registry.interfaces.gpg import IGPGKeySet
12579.1.2 by William Grant
Fix poppy's validateGPG to abort the transaction once it's done.
36
from lp.services.database import read_transaction
12392.7.13 by Julian Edwards
Move the new ftp code to its own file
37
38
39
class PoppyAccessCheck:
40
    """An `ICredentialsChecker` for Poppy FTP sessions."""
41
    implements(checkers.ICredentialsChecker)
12392.7.25 by Julian Edwards
make anonymous access work without frigging the user name for it
42
    credentialInterfaces = (
43
        credentials.IUsernamePassword, credentials.IAnonymous)
12392.7.13 by Julian Edwards
Move the new ftp code to its own file
44
45
    def requestAvatarId(self, credentials):
46
        # Poppy allows any credentials.  People can use "anonymous" if
12392.7.25 by Julian Edwards
make anonymous access work without frigging the user name for it
47
        # they want but anything goes.  Thus, we don't actually *check* the
48
        # credentials, and we return the standard avatarId for 'anonymous'.
49
        return checkers.ANONYMOUS
12392.7.13 by Julian Edwards
Move the new ftp code to its own file
50
51
52
class PoppyAnonymousShell(ftp.FTPShell):
53
    """The 'command' interface for sessions.
54
55
    Roughly equivalent to the SFTPServer in the sftp side of things.
56
    """
12392.7.20 by Julian Edwards
fix stupid lint
57
12392.7.13 by Julian Edwards
Move the new ftp code to its own file
58
    def __init__(self, fsroot):
59
        self._fs_root = fsroot
60
        self.uploadfilesystem = UploadFileSystem(tempfile.mkdtemp())
61
        self._current_upload = self.uploadfilesystem.rootpath
62
        os.chmod(self._current_upload, 0770)
63
        self._log = logging.getLogger("poppy-sftp")
64
        self.hook = Hooks(
65
            self._fs_root, self._log, "ubuntu", perms='g+rws',
12392.7.18 by Julian Edwards
fix tests
66
            prefix='-ftp')
12392.7.13 by Julian Edwards
Move the new ftp code to its own file
67
        self.hook.new_client_hook(self._current_upload, 0, 0)
68
        self.hook.auth_verify_hook(self._current_upload, None, None)
69
        super(PoppyAnonymousShell, self).__init__(
70
            filepath.FilePath(self._current_upload))
71
72
    def openForWriting(self, file_segments):
73
        """Write the uploaded file to disk, safely.
74
75
        :param file_segments: A list containing string items, one for each
76
            path component of the file being uploaded.  The file referenced
77
            is relative to the temporary root for this session.
78
79
        If the file path contains directories, we create them.
80
        """
81
        filename = os.sep.join(file_segments)
82
        self._create_missing_directories(filename)
12392.8.1 by Julian Edwards
first stab at rejecting unsigned changes files - requires a patch to Twisted to return the error code properly
83
        path = self._path(file_segments)
84
        try:
85
            fObj = path.open("w")
86
        except (IOError, OSError), e:
87
            return ftp.errnoToFailure(e.errno, path)
88
        except:
12392.8.11 by Julian Edwards
Add an explanatory comment
89
            # Push any other error up to Twisted to deal with.
12392.8.1 by Julian Edwards
first stab at rejecting unsigned changes files - requires a patch to Twisted to return the error code properly
90
            return defer.fail()
91
        return defer.succeed(PoppyFileWriter(fObj))
12392.7.13 by Julian Edwards
Move the new ftp code to its own file
92
93
    def makeDirectory(self, path):
94
        """Make a directory using the secure `UploadFileSystem`."""
95
        path = os.sep.join(path)
96
        return defer.maybeDeferred(self.uploadfilesystem.mkdir, path)
97
98
    def access(self, segments):
99
        """Permissive CWD that auto-creates target directories."""
100
        if segments:
101
            path = self._path(segments)
102
            path.makedirs()
103
        return super(PoppyAnonymousShell, self).access(segments)
104
105
    def logout(self):
106
        """Called when the client disconnects.
107
108
        We need to post-process the upload.
109
        """
110
        self.hook.client_done_hook(self._current_upload, 0, 0)
111
112
    def _create_missing_directories(self, filename):
113
        # Same as SFTPServer
114
        new_dir, new_file = os.path.split(
115
            self.uploadfilesystem._sanitize(filename))
116
        if new_dir != '':
117
            if not os.path.exists(
118
                os.path.join(self._current_upload, new_dir)):
119
                self.uploadfilesystem.mkdir(new_dir)
120
121
    def list(self, path_segments, attrs):
122
        return defer.fail(ftp.CmdNotImplementedError("LIST"))
123
124
125
class FTPRealm:
126
    """FTP Realm that lets anyone in."""
127
    implements(IRealm)
128
129
    def __init__(self, root):
130
        self.root = root
131
132
    def requestAvatar(self, avatarId, mind, *interfaces):
133
        """Return a Poppy avatar - that is, an "authorisation".
134
135
        Poppy FTP avatars are totally fake, we don't care about credentials.
136
        See `PoppyAccessCheck` above.
137
        """
138
        for iface in interfaces:
139
            if iface is ftp.IFTPShell:
140
                avatar = PoppyAnonymousShell(self.root)
141
                return ftp.IFTPShell, avatar, getattr(
142
                    avatar, 'logout', lambda: None)
143
        raise NotImplementedError(
144
            "Only IFTPShell interface is supported by this realm")
12392.8.1 by Julian Edwards
first stab at rejecting unsigned changes files - requires a patch to Twisted to return the error code properly
145
146
147
class PoppyFileWriter(ftp._FileWriter):
148
    """An `IWriteFile` that checks for signed changes files."""
149
150
    def close(self):
151
        """Called after the file has been completely downloaded."""
152
        if self.fObj.name.endswith(".changes"):
12392.8.8 by Julian Edwards
fix lint
153
            error = self.validateGPG(self.fObj.name)
12392.8.1 by Julian Edwards
first stab at rejecting unsigned changes files - requires a patch to Twisted to return the error code properly
154
            if error is not None:
155
                # PermissionDeniedError is one of the few ftp exceptions
156
                # that lets us pass an error string back to the client.
157
                return defer.fail(ftp.PermissionDeniedError(error))
158
        return defer.succeed(None)
159
12579.1.2 by William Grant
Fix poppy's validateGPG to abort the transaction once it's done.
160
    @read_transaction
12392.8.1 by Julian Edwards
first stab at rejecting unsigned changes files - requires a patch to Twisted to return the error code properly
161
    def validateGPG(self, signed_file):
162
        """Check the GPG signature in the file referenced by signed_file.
12392.8.8 by Julian Edwards
fix lint
163
12392.8.1 by Julian Edwards
first stab at rejecting unsigned changes files - requires a patch to Twisted to return the error code properly
164
        Return an error string if there's a problem, or None.
165
        """
166
        try:
12919.6.6 by Ian Booth
Use single gpghandler implementation
167
            sig = getUtility(IGPGHandler).getVerifiedSignatureResilient(
12392.8.1 by Julian Edwards
first stab at rejecting unsigned changes files - requires a patch to Twisted to return the error code properly
168
                file(signed_file, "rb").read())
169
        except GPGVerificationError, error:
14446.1.2 by Julian Edwards
Make poppy FTP handler write debug output to the log when there's a gpg verification error.
170
            log = logging.getLogger("poppy-sftp")
171
            log.info("GPGVerificationError, extra debug output follows:")
172
            for attr in ("args", "code", "signatures", "source"):
173
                if hasattr(error, attr):
14446.1.3 by Julian Edwards
suggestion from jtv
174
                    log.info("%s: %s", attr, error.attr)
12392.8.1 by Julian Edwards
first stab at rejecting unsigned changes files - requires a patch to Twisted to return the error code properly
175
            return ("Changes file must be signed with a valid GPG "
176
                    "signature: %s" % error)
177
178
        key = getUtility(IGPGKeySet).getByFingerprint(sig.fingerprint)
179
        if key is None:
180
            return (
181
                "Signing key %s not registered in launchpad."
182
                % sig.fingerprint)
183
184
        if key.active == False:
185
            return "Changes file is signed with a deactivated key"
186
187
        return None
188
189
12392.7.21 by Julian Edwards
move code out of the tac file and into twistedftp.py
190
class FTPServiceFactory(service.Service):
12392.7.31 by Julian Edwards
fix some lint
191
    """A factory that makes an `FTPService`"""
192
12392.7.21 by Julian Edwards
move code out of the tac file and into twistedftp.py
193
    def __init__(self, port):
194
        realm = FTPRealm(get_poppy_root())
195
        portal = Portal(realm)
196
        portal.registerChecker(PoppyAccessCheck())
12392.7.24 by Julian Edwards
make the tests also use anonymous as the FTP user ID
197
        factory = ftp.FTPFactory(portal)
12392.7.21 by Julian Edwards
move code out of the tac file and into twistedftp.py
198
199
        factory.tld = get_poppy_root()
200
        factory.protocol = ftp.FTP
201
        factory.welcomeMessage = "Launchpad upload server"
202
        factory.timeOut = config.poppy.idle_timeout
203
12392.7.24 by Julian Edwards
make the tests also use anonymous as the FTP user ID
204
        self.ftpfactory = factory
205
        self.portno = port
206
12392.7.21 by Julian Edwards
move code out of the tac file and into twistedftp.py
207
    @staticmethod
208
    def makeFTPService(port=2121):
209
        strport = "tcp:%s" % port
210
        factory = FTPServiceFactory(port)
211
        return strports.service(strport, factory.ftpfactory)