| blob | 5a132d8f2319ff34847309759c097aa8ce705b7f |
1 /* nbdkit
2 * Copyright (C) 2014-2020 Red Hat Inc.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are
6 * met:
7 *
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * * Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * * Neither the name of Red Hat nor the names of its contributors may be
16 * used to endorse or promote products derived from this software without
17 * specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
25 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
26 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
27 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
28 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
29 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
33 #include <config.h>
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <stdbool.h>
38 #include <stdarg.h>
39 #include <stdint.h>
40 #include <inttypes.h>
41 #include <limits.h>
42 #include <string.h>
43 #include <unistd.h>
44 #include <fcntl.h>
45 #include <sys/stat.h>
47 #include <pthread.h>
49 #include <libssh/libssh.h>
50 #include <libssh/sftp.h>
51 #include <libssh/callbacks.h>
53 #include <nbdkit-plugin.h>
74 /* config can be:
75 * NULL => parse options from default file
76 * "" => do NOT parse options
77 * some filename => parse options from filename
78 */
81 /* Use '-D ssh.log=N' to set. */
84 /* If ssh_debug_log > 0 then the library will call this function with
85 * log messages.
86 */
87 static void
89 {
96 else
99 /* NB We don't need to print the function parameter because it is
100 * always prefixed to the message.
101 */
103 }
105 static void
107 {
110 }
112 /* Called for each key=value passed on the command line. */
113 static int
115 {
134 }
143 /* %-expanded, cannot use nbdkit_absolute_path on value */
147 }
148 }
155 }
160 #if LONG_MAX < UINT32_MAX
161 /* C17 5.2.4.2.1 requires that LONG_MAX is at least 2^31 - 1.
162 * However a large positive number might still exceed the limit.
163 */
167 }
168 #endif
169 }
175 }
181 }
186 }
191 /* OpenSSH checks this too. */
195 }
196 }
201 }
204 }
206 /* The host and path parameters are mandatory. */
207 static int
209 {
214 }
216 /* If create=true, create-size must be supplied. */
221 }
224 }
226 #define ssh_config_help \
240 "create-size=SIZE Set the size of the remote file."
242 /* Since we must simulate atomic pread and pwrite using seek +
243 * read/write, calls on each handle must be serialized.
244 */
245 #define THREAD_MODEL NBDKIT_THREAD_MODEL_SERIALIZE_REQUESTS
247 /* The per-connection handle. */
249 ssh_session session;
250 sftp_session sftp;
251 sftp_file file;
252 };
254 /* Verify the remote host.
255 * See: http://api.libssh.org/master/libssh_tutor_guided_tour.html
256 */
257 static int
259 {
265 /* OK */
278 /* This is not actually an error, but the user must ensure the
279 * host key is set up before using nbdkit so we error out here.
280 */
285 /* See: https://gitlab.com/nbdkit/nbdkit/-/issues/10 */
287 "first and accept the host key; or the known_hosts "
288 "file (usually ~/.ssh/known_hosts) could not be opened, "
295 }
298 }
300 /* Authenticate.
301 * See: http://api.libssh.org/master/libssh_tutor_authentication.html
302 */
303 static int
305 {
314 }
316 static int
318 {
326 }
328 static int
330 {
342 method,
347 method & SSH_AUTH_METHOD_INTERACTIVE
349 method & SSH_AUTH_METHOD_GSSAPI_MIC
357 }
362 }
364 /* All compatible methods were tried and none worked. Come up with
365 * an actionable diagnostic message if we recognise the problem.
366 */
371 }
376 }
379 "but you tried to use a password; if you have root access "
380 "to the server, try editing 'sshd_config' and setting "
381 "'PasswordAuthentication yes'; otherwise try setting up "
384 }
388 }
390 /* This function opens or creates the remote file (depending on
391 * create=false|true). Parallel connections might call this function
392 * at the same time, and so we must hold a lock to ensure that the
393 * file is created at most once.
394 */
397 static sftp_file
399 {
403 sftp_file file;
415 }
418 /* There's no sftp_truncate call. However OpenSSH lets you call
419 * SSH_FXP_SETSTAT + SSH_FILEXFER_ATTR_SIZE which invokes
420 * truncate(2) on the server. Libssh doesn't provide a binding
421 * for SSH_FXP_FSETSTAT so we have to pass the session + path.
422 */
425 SSH_FILEXFER_ATTR_PERMISSIONS,
428 };
434 /* Best-effort attempt to delete the remote file on failure. */
440 }
441 }
443 /* On the next connection, don't create or truncate the file. */
447 }
449 /* Create the per-connection handle. */
452 {
462 }
464 /* Set up the SSH session. */
469 }
473 /* Even though this is setting a "global", we must call it every
474 * time we set the session otherwise messages go to stderr.
475 */
477 }
479 /* Disable Nagle's algorithm which is recommended by the libssh
480 * developers to improve performance of sftp. Ignore any error if
481 * we fail to set this.
482 */
490 }
497 }
498 }
505 }
506 }
513 }
514 /* XXX This is still going to read the global file, and there
515 * seems to be no way to disable that. However it doesn't matter
516 * as this file is rarely present.
517 */
518 }
526 }
527 }
535 }
536 }
544 }
545 }
547 /* Read SSH config or alternative file. Must happen last so that
548 * the hostname has been set already.
549 */
551 /* NULL means parse the default files, which are ~/.ssh/config and
552 * /etc/ssh/ssh_config. If either are missing then they are
553 * ignored.
554 */
560 }
561 }
563 /* User has specified a single file. This function ignores the
564 * case where the file is missing - should we check this? XXX
565 */
571 }
572 }
574 /* Connect. */
580 }
582 /* Verify the remote host. */
586 /* Authenticate. */
590 /* Open the SFTP connection. */
596 }
602 }
604 /* Open or create the remote file. */
613 err:
621 }
624 }
626 /* Free up the per-connection handle. */
627 static void
629 {
641 }
643 /* Get the file size. */
644 static int64_t
646 {
648 sftp_attributes attrs;
656 }
658 /* Read data from the remote server. */
659 static int
661 {
664 ssize_t rs;
670 }
677 }
680 }
683 }
685 /* Write data to the remote server. */
686 static int
688 {
691 ssize_t rs;
697 }
700 /* Openssh has a maximum packet size of 256K, so any write
701 * requests larger than this will fail in a peculiar way. (This
702 * limit doesn't seem to include the SFTP protocol overhead).
703 * Therefore if the count is larger than 128K, reduce the size of
704 * the request. I don't know whether 256K is a limit that applies
705 * to all servers.
706 */
711 }
714 }
717 }
719 static int
721 {
724 /* I added this extension to openssh 6.5 (April 2013). It may not
725 * be available in other SSH servers.
726 */
728 }
730 static int
732 {
735 /* After examining the OpenSSH implementation of sftp-server we
736 * concluded that its write/flush behaviour is safe for advertising
737 * multi-conn. Other servers may not be safe. Use the
738 * fsync@openssh.com feature as a proxy.
739 */
741 }
743 static int
745 {
749 again:
756 }
759 }
777 };