Protocolo FTP

advertisement
FTP: the file transfer protocol
FTP
FTP
user
client
interface
Protocolo FTP
user
at host
file transfer
FTP
server
remote file
system
local file
system
• FTP utilizes two ports:
- a 'data' port (usually port 20...)
- a 'command' port (port 21)
SISTEMAS INFORMÁTICOS
SLIDES 13
FTP: Active Mode
Separate control, data connections
•
•
•
•
•
FTP client contacts the FTP
server at port 21.
Client obtains authorization over
control connection.
Client browses remote directory
by sending commands over
control connection.
When server receives a
command for a file transfer, the
server opens a TCP data
connection to client (port 20).
After transferring one file, the
server closes connection.
TCP control connection
port 21
FTP
client
•
•
TCP data connection
port 20
Server opens a second TCP
data connection to transfer
another file.
FTP server maintains “state”:
current directory, earlier
authentication
FTP: Active Mode
server
client
PORT
1027
FTP
server
•
In active mode the client connects from a random port (N > 1024) to the
FTP server's command port, port 21.
•
Then, the client starts listening to port N+1 and sends the FTP command
PORT N+1 to the FTP server.
•
The server will then connect back to the client's specified data port from its
local data port, which is port 20.
•
To support the FTP active mode, the firewall at the server’s side has to
have the following channels
- FTP server's port 21 from anywhere (Client initiates connection)
- FTP server's port 21 to ports > 1024 (Server responds to client's control
port)
- FTP server's port 20 to ports > 1024 (Server initiates data connection to
client's data port)
- FTP server's port 20 from ports > 1024 (Client sends ACKs to server's
data port)
FTP: Active Mode
• There is a problem with active mode at the client side.
• The FTP client doesn't make the actual connection to the
data port of the server--it simply tells the server what port
it is listening on and the server connects back to the
specified port on the client.
• From the client side firewall this appears to be an outside
system initiating a connection to an internal client-something that is usually blocked at the firewall.
client
server
1
FTP Active Mode: dialog example
testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
---> USER slacker
331 Password required for slacker.
Password: TmpPass
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PORT 192,168,150,80,14,178
200 PORT command successful.
---> LIST
150 Opening ASCII mode data connection for file list.
drwx------ 3 slacker users
104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.
Port = (14*256)+178=3762
FTP: Passive Mode (Firewall)
FTP: Passive Mode
• In passive mode the client initiates both connections to
the server, solving the problem of firewalls filtering the
incoming data port connection to the client from the
server.
• When opening an FTP connection, the client opens two
random unprivileged ports locally (N > 1024 and N+1).
• The first port contacts the server on port 21, but instead
of sending a PORT command the client will send the
PASV command.
• The result of this is that the server then opens a random
unprivileged port (P > 1024) and sends the PORT P
command back to the client.
• The client then initiates the connection from port N+1 to
port P on the server to transfer data.
FTP Passive Mode
• To support passive mode, the firewall of the
server has to implement the following rules:
server
– FTP server's port 21 from anywhere (Client initiates
connection)
– FTP server's port 21 to ports > 1024 (Server
responds to client's control port)
– FTP server's ports > 1024 from anywhere (Client
initiates data connection to random port specified by
server)
– FTP server's ports > 1024 to remote ports > 1024
(Server sends ACKs (and data) to client's data port)
FTP Passive Mode: dialog example
testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
---> USER slacker
331 Password required for slacker.
Password: TmpPass
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PASV
227 Entering Passive Mode (192,168,150,90,195,149).
---> LIST
150 Opening ASCII mode data connection for file list
drwx------ 3 slacker users
104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.
client
PASV
PORT
2024
FTP: Active vs Passive Mode
Active FTP:
command:
data:
client (>1024) server 21
client (>1024)  server 20
Passive FTP:
command: client (>1024) server 21
data:
client (>1024) server (>1024)
2
FTP: Active vs Passive Mode
FTP commands, responses
• Active FTP is beneficial to the FTP server admin, but
detrimental to the client side admin. The FTP server
attempts to make connections to random high ports on
the client, which would almost certainly be blocked by a
firewall on the client side.
Sample commands:
Sample return codes
• sent as ASCII text over
control channel
• USER username
• PASS password
• Passive FTP is beneficial to the client, but detrimental to
the FTP server admin. The client will make both
connections to the server, but one of them will be to a
random high port, which would almost certainly be
blocked by a firewall on the server side.
• LIST return list of file in
current directory
• status code and phrase
(as in HTTP)
• 331 Username OK,
password required
• 125 data connection
already open;
transfer starting
• 425 Can’t open data
connection
• 452 Error writing
file
• RETR filename
retrieves (gets) file
• STOR filename stores
(puts) file onto remote
host
Access Control Commands
USER
PASS
CWD
CDUP
QUIT
specify user
specify password
change directory
change directory to parent
logout
Service Commands
RETR
STOR
STOU
APPE
ABOR
PWD
LIST
retrieve file
send file
send file and save as unique
send file and append
abort previous service command
print working directory
transfer list of files over data link
Transfer Commands
PORT
PASV
TYPE
MODE
STRU
publish local data port
server should listen
establish data representation
establish transfer mode
establish file structure
FTP Replies
• All replies are sent over control connection.
• Replies are a single line containing
– 3 digit status code (sent as 3 numeric chars).
– text message.
• Status code is used by programs, text is for
humans.
3
Data Transfer Modes
• STREAM: file is transmitted as a stream
of bytes.
• BLOCK: file is transmitted as a series of
blocks preceded by headers containing
count and descriptor code (EOF, EOR,
restart marker).
• COMPRESSED: uses a simple
compression scheme - compressed blocks
are transmitted.
Electronic Mail
outgoing
message queue
user mailbox
Three major components:
• user agents.
• mail servers.
• simple mail transfer protocol:
SMTP.
User Agent
• mail reader.
• composing, editing, reading
mail messages.
• e.g., Eudora, Outlook, Netscape
Messenger
• outgoing, incoming messages
stored on server.
user
agent
mail
server
user
agent
SMTP
mail
server
SMTP
SMTP
mail
server
user
agent
user
agent
user
agent
user
agent
Electronic Mail: SMTP [RFC 821]
• uses TCP to reliably transfer email message from
client to server, port 25
• direct transfer: sending server to receiving server
• three phases of transfer
– handshaking (greeting)
– transfer of messages
– closure
• command/response interaction
– commands: ASCII text
– response: status code and phrase
Protocolo SMTP
(Email)
Electronic Mail: mail servers
Mail Servers
• mailbox contains incoming
messages for user
• message queue of
outgoing (to be sent) mail
messages
• SMTP protocol between
mail servers to send email
messages
– client: sending mail
server
– “server”: receiving mail
server
user
agent
mail
server
user
agent
SMTP
mail
server
SMTP
SMTP
mail
server
user
agent
user
agent
user
agent
user
agent
Alice sends a message to Bob
4) SMTP client sends Alice’s
message over the TCP
connection
5) Bob’s mail server places the
message in Bob’s mailbox
6) Bob invokes his user agent to
read message (IMAP; POP3)
1) Alice uses UA to compose
message and “to”
bob@dei.uc.pt
2) Alice’s UA sends message to
her mail server; message
placed in message queue
3) Client side of SMTP opens
TCP connection with Bob’s
mail server
1
user
agent
2
mail
server
3
mail
server
4
5
6
user
agent
• messages must be in 7-bit ASCII
4
Try SMTP interaction for yourself:
SMTP Commands
•
•
•
•
•
•
•
•
•
•
•
HELO
MAIL FROM:
TO:
VRFY address
EXPN
DATA
RSET
NOOP
DEBUG [level]
HELP
QUIT
hostname startup and give your hostname
sender-address mail
recipient-address
does this address actually exist (verify)
address expand this address
start giving you the body of the mail message
reset state and drop current mail message
do nothing
set debugging level
give me some help please
close this connection
SMTP: final words
Sample SMTP interaction
S:
C:
S:
C:
S:
C:
S:
C:
S:
C:
C:
C:
S:
C:
S:
220 smtp.isctem.com
HELO xpto.isctem.com
250 Hello xpto, pleased to meet you
MAIL FROM: <deus@paraiso.com>
250 deus@paraiso.com... Sender ok
RCPT TO: <irene@hotmail.com>
250 irene@hotmail.com ... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
Irene, terás que mudar de clube
caso queiras atingir o paraíso…
.
250 Message accepted for delivery
QUIT
221 isctem.com closing connection
– To:
– From:
– Subject:
different from SMTP
commands!
• body
header
• SMTP uses persistent
connections
• SMTP requires message
(header & body) to be in
7-bit ASCII
• SMTP server uses
CRLF.CRLF to determine
end of message
blank
line
• HTTP: pull
• SMTP: push
• both have ASCII
command/response
interaction, status codes
• HTTP: each object
encapsulated in its own
response msg
• SMTP: multiple objects sent
in multipart msg
• MIME: multimedia mail extension, RFC 2045, 2056
• additional lines in msg header declare MIME content type
MIME version
body
Comparison with HTTP:
Message format: multimedia
extensions
Mail message format
SMTP: protocol for
exchanging email msgs
RFC 822: standard for text
message format:
• header lines, e.g.,
• telnet smtp_server 25
• see 220 reply from server
• enter HELO, MAIL FROM, RCPT TO, DATA,
QUIT commands
method used
to encode data
multimedia data
type, subtype,
parameter declaration
encoded data
From: alice@crepes.fr
To: bob@hamburger.edu
Subject: Picture of yummy crepe.
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Type: image/jpeg
base64 encoded data .....
.........................
......base64 encoded data
– the “message”, ASCII
characters only
5
Multipart Type
MIME types
Content-Type: type/subtype; parameters
Text
Video
• example subtypes:
plain, html
• example subtypes:
mpeg, quicktime
Image
Application
• example subtypes:
jpeg, gif
• other data that must be
processed by reader
before “viewable”
• example subtypes:
msword, octetstream
Audio
• example subtypes:
basic (8-bit mu-law
encoded), 32kadpcm
(32 kbps coding)
Mail access protocols
SMTP
SMTP
user
agent
sender’s mail
server
access
protocol
user
agent
receiver’s mail
server
• SMTP: delivery/storage to receiver’s server
• Mail access protocol: retrieval from server
– POP: Post Office Protocol [RFC 1939]
• authorization (agent <-->server) and download
– IMAP: Internet Mail Access Protocol [RFC 1730]
• more features (more complex)
• manipulation of stored msgs on server
– HTTP: Hotmail , Yahoo! Mail, etc.
POP3 and IMAP
POP3
• Previous example uses
“download and delete”
mode.
• Bob cannot re-read email if he changes
client.
• “Download-and-keep”:
copies of messages on
different clients.
• POP3 is stateless
across sessions.
IMAP
• Keep all messages in
one place: the server.
• Allows user to organize
messages in folders.
• IMAP keeps user state
across sessions:
– names of folders and
mappings between
message IDs and
folder name
From: alice@crepes.fr
To: bob@hamburger.edu
Subject: Picture of yummy crepe.
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=StartOfNextPart
--StartOfNextPart
Dear Bob, Please find a picture of a crepe.
--StartOfNextPart
Content-Transfer-Encoding: base64
Content-Type: image/jpeg
base64 encoded data .....
.........................
......base64 encoded data
--StartOfNextPart
Do you want the recipe?
POP3 protocol (port 110)
authorization phase
• client commands:
– user: declare username
– pass: password
• server responses
– +OK
– -ERR
transaction phase, client:
• list: list message numbers
• retr: retrieve message by
number
• dele: delete
• quit
S:
C:
S:
C:
S:
+OK POP3 server ready
user bob
+OK
pass hungry
+OK user successfully logged
C:
S:
S:
S:
C:
S:
S:
C:
C:
S:
S:
C:
C:
S:
list
1 498
2 912
.
retr 1
<message 1 contents>
.
dele 1
retr 2
<message 1 contents>
.
dele 2
quit
+OK POP3 server signing off
on
IMAP
• Fully compatible with Internet messaging standards, e.g.
MIME.
• Allow message access and management from more than
one computer.
• Allow access without reliance on less efficient file access
protocols.
• Provide support for "online", "offline", and "disconnected"
access modes *
• Support for concurrent access to shared mailboxes
• Client software needs no knowledge about the server's
file store format.
6
Download