pyftpdlib RFC compliance

Introduction

This page lists current standard Internet RFCs that define the FTP protocol.

pyftpdlib conforms to the FTP protocol standard as defined in RFC-959 and RFC-1123 implementing all the fundamental commands and features described in them. It also implements some more recent features such as OPTS and FEAT commands (RFC-2398), EPRT and EPSV commands covering the IPv6 support (RFC-2428) and MDTM, MLSD, MLST and SIZE commands defined in RFC-3659.

Future plans for pyftpdlib include the gradual implementation of other standards track RFCs.

Some of the features like ACCT or SMNT commands will never be implemented deliberately. Other features described in more recent RFCs like the TLS/SSL support for securing FTP (RFC-4217) are now implemented as a demo script, waiting to reach the proper level of stability to be then included in the standard code base.

RFC-959 - File Transfer Protocol

The base specification of the current File Transfer Protocol.

Command Implemented Milestone Description Notes
ABOR YES 0.1.0 Abort data transfer.  
ACCT NO Specify account information. It will never be implemented (useless).
ALLO YES 0.1.0 Ask for server to allocate enough storage space. Treated as a NOOP (no operation).
APPE YES 0.1.0 Append data to an existing file.  
CDUP YES 0.1.0 Go to parent directory.  
CWD YES 0.1.0 Change current working directory.  
DELE YES 0.1.0 Delete file.  
HELP YES 0.1.0 Show help. Accept also arguments.
LIST YES 0.1.0 List files. Accept also bad arguments like “-ls”, “-la”, ...
MKD YES 0.1.0 Create directory.  
MODE YES 0.1.0 Set data transfer mode. “STREAM” mode is supported, “Block” and “Compressed” aren’t.
NLST YES 0.1.0 List files in a compact form. Globbing of wildcards is not supported (for example, NLST *.txt will not work)
NOOP YES 0.1.0 NOOP (no operation), just do nothing.  
PASS YES 0.1.0 Set user password.  
PASV YES 0.1.0 Set server in passive connection mode.  
PORT YES 0.1.0 Set server in active connection mode.  
PWD YES 0.1.0 Get current working directory.  
QUIT YES 0.1.0 Quit session. If file transfer is in progress, the connection will remain open until it is finished.
REIN YES 0.1.0 Reinitialize user’s current session.  
REST YES 0.1.0 Restart file position.  
RETR YES 0.1.0 Retrieve a file (client’s download).  
RMD YES 0.1.0 Remove directory.  
RNFR YES 0.1.0 File renaming (source)  
RNTO YES 0.1.0 File renaming (destination)  
SITE YES 0.5.1 Site specific server services. No SITE commands aside from “SITE HELP” are implemented by default. The user willing to add support for a specific SITE command has to define a new ftp_SITE_CMD method in the FTPHandler subclass.
SMNT NO Mount file-system structure. Will never be implemented (too much system-dependent and almost never used).
STAT YES 0.1.0 Server’s status information / File LIST  
STOR YES 0.1.0 Store a file (client’s upload).  
STOU YES 0.1.0 Store a file with a unique name.  
STRU YES 0.1.0 Set file structure. Supports only File type structure by doing a NOOP (no operation). Other structure types (Record and Page) are not implemented.
SYST YES 0.1.0 Get system type. Always return “UNIX Type: L8” because of the LIST output provided.
TYPE YES 0.1.0 Set current type (Binary/ASCII). Accept only Binary and ASII TYPEs. Other TYPEs such as EBCDIC are obsoleted, system-dependent and thus not implemented.
USER YES 0.1.0 Set user. A new USER command could be entered at any point in order to change the access control flushing any user, password, and account information already supplied and beginning the login sequence again.

RFC-1123 - Requirements for Internet Hosts

Extends and clarifies some aspects of RFC-959. Introduces new response codes 554 and 555.

  • Issued: October 1989
  • Status: STANDARD
  • Link
Feature Implemented Milestone Description Notes
TYPE L 8 as synonym of TYPE I YES 0.2.0 TYPE L 8 command should be treated as synonym of TYPE I (“IMAGE” or binary type).  
PASV is per-transfer YES 0.1.0 PASV must be used for a unique transfer. If PASV is issued twice data-channel is restarted.
Implied type for LIST and NLST YES 0.1.0 The data returned by a LIST or NLST command SHOULD use an implied TYPE AN.  
STOU format output YES 0.2.0 Defined the exact format output which STOU response must respect (“125/150 FILE filename”).  
Avoid 250 response type on STOU YES 0.2.0 The 250 positive response indicated in RFC-959 has been declared incorrect in RFC-1123 which requires 125/150 instead.  
Handle “Experimental” directory cmds YES 0.1.0 The server should support XCUP, XCWD, XMKD, XPWD and XRMD obsoleted commands and treat them as synonyms for CDUP, CWD, MKD, LIST and RMD commands.  
Idle timeout YES 0.5.0 A Server-FTP process SHOULD have a configurable idle timeout of 5 minutes, which will terminate the process and close the control connection if the server is inactive (i.e., no command or data transfer in progress) for a long period of time.  
Concurrency of data and control YES 0.1.0 Server-FTP should be able to process STAT or ABOR while a data transfer is in progress Feature granted natively for ALL commands since we’re in an asynchronous environment.
554 response on wrong REST YES 0.2.0 Return a 554 reply may for a command that follows a REST command. The reply indicates that the existing file at the Server-FTP cannot be repositioned as specified in the REST.  

RFC-2228 - FTP Security Extensions

Specifies several security extensions to the base FTP protocol defined in RFC-959. New commands: AUTH, ADAT, PROT, PBSZ, CCC, MIC, CONF, and ENC. New response codes: 232, 234, 235, 334, 335, 336, 431, 533, 534, 535, 536, 537, 631, 632, and 633.

  • Issued: October 1997
  • Status: PROPOSED STANDARD
  • Updates: RFC-959
  • Link
Command Implemented Milestone Description Notes
AUTH NO Authentication/Security Mechanism. Implemented as demo script by following the RFC=4217 guide line.
CCC NO Clear Command Channel.  
CONF NO Confidentiality Protected Command. Somewhat obsoleted by RFC-4217.
EENC NO Privacy Protected Command. Somewhat obsoleted by RFC-4217.
MIC NO Integrity Protected Command. Somewhat obsoleted by RFC-4217.
PBSZ NO Protection Buffer Size. Implemented as demo script by following the RFC-4217 guide line as a no-op command.
PROT NO Data Channel Protection Level. Implemented as demo script by following the RFC-4217 guide line supporting only “P” and “C” protection levels.

RFC-2389 - Feature negotiation mechanism for the File Transfer Protocol

Introduces the new FEAT and OPTS commands.

  • Issued: August 1998
  • Status: PROPOSED STANDARD
  • Link
Command Implemented Milestone Description Notes
FEAT YES 0.3.0 List new supported commands subsequent RFC-959  
OPTS YES 0.3.0 Set options for certain commands. MLST is the only command which could be used with OPTS.

RFC-2428 - FTP Extensions for IPv6 and NATs

Introduces the new commands EPRT and EPSV extending FTP to enable its use over various network protocols, and the new response codes 522 and 229.

  • Issued: September 1998
  • Status: PROPOSED STANDARD
  • Link
Command Implemented Milestone Description Notes
EPRT YES 0.4.0 Set active data connection over IPv4 or IPv6  
EPSV YES 0.4.0 Set passive data connection over IPv4 or IPv6  

RFC-2577 - FTP Security Considerations

Provides several configuration and implementation suggestions to mitigate some security concerns, including limiting failed password attempts and third-party “proxy FTP” transfers, which can be used in “bounce attacks”.

  • Issued: May 1999
  • Status: INFORMATIONAL
  • Link
Feature Implemented Milestone Description Notes
FTP bounce protection YES 0.2.0 Reject PORT if IP address specified in it does not match client IP address. Drop the incoming (PASV) data connection for the same reason. Configurable.
Restrict PASV/PORT to non privileged ports YES 0.2.0 Reject connections to privileged ports. Configurable.
Brute force protection (1) YES 0.1.0 Disconnect client after a certain number (3 or 5) of wrong authentications. Configurable.
Brute force protection (2) YES 0.5.0 Impose a 5 second delay before replying to an invalid “PASS” command to diminish the efficiency of a brute force attack.  
Per-source-IP limit YES 0.2.0 Limit the total number of per-ip control connections to avoid parallel brute-force attack attempts. Configurable.
Do not reject wrong usernames YES 0.1.0 Always return 331 to the USER command to prevent client from determining valid usernames on the server.  
Port stealing protection YES 0.1.1 Use random-assigned local ports for data connections.  

RFC-2640 - Internationalization of the File Transfer Protocol

Extends the FTP protocol to support multiple character sets, in addition to the original 7-bit ASCII. Introduces the new LANG command.

  • Issued: July 1999
  • Status: PROPOSED STANDARD
  • Updates: RFC-959
  • Link
Feature Implemented Milestone Description Notes
LANG command NO Set current response’s language.  
Support for UNICODE YES 1.0.0 For support of global compatibility it is rencommended that clients and servers use UTF-8 encoding when exchanging pathnames.  

RFC-3659 - Extensions to FTP

Four new commands are added: “SIZE”, “MDTM”, “MLST”, and “MLSD”. The existing command “REST” is modified.

  • Issued: March 2007
  • Status: PROPOSED STANDARD
  • Updates: RFC-959
  • Link
Feature Implemented Milestone Description Notes
MDTM command YES 0.1.0 Get file’s last modification time  
MLSD command YES 0.3.0 Get directory list in a standardized form.  
MLST command YES 0.3.0 Get file information in a standardized form.  
SIZE command YES 0.1.0 Get file size. In case of ASCII TYPE it does not perform the ASCII conversion to avoid DoS conditions (see FAQs for more details).
TVSF mechanism YES 0.1.0 Provide a file system naming conventions modeled loosely upon those of the Unix file system supporting relative and absolute path names.  
Minimum required set of MLST facts YES 0.3.0 If conceivably possible, support at least the type, perm, size, unique, and modify MLSX command facts.  
GMT should be used for timestamps YES 0.6.0 All times reported by MDTM, LIST, MLSD and MLST commands must be in GMT times Possibility to change time display between GMT and local time provided as “use_gmt_times” attribute

RFC-4217 - Securing FTP with TLS

Provides a description on how to implement TLS as a security mechanism to secure FTP clients and/or servers.

Command Implemented Milestone Description Notes
AUTH YES Authentication/Security Mechanism.  
CCC NO Clear Command Channel.  
PBSZ YES Protection Buffer Size. Implemented as as a no-op as recommended.
PROT YES Data Channel Protection Level. Support only “P” and “C” protection levels.

Unofficial commands

These are commands not officialy included in any RFC but many FTP servers implement them.

Command Implemented Milestone Description Notes
SITE CHMOD YES 0.7.0 Change file mode.