search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
contrib: cargo: use cargo/vendored-openssl if needed
[vlc.git] / modules / access / sftp.c
blobdc7f6cc27f71e040164811e1cc42c964303de3b7
1 /*****************************************************************************
2 * sftp.c: SFTP input module
3 *****************************************************************************
4 * Copyright (C) 2009 VLC authors and VideoLAN
5 *
6 * Authors: RĂ©mi Duraffort <ivoire@videolan.org>
7 * Petri Hintukainen <phintuka@gmail.com>
8 *
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU Lesser General Public License as published by
11 * the Free Software Foundation; either version 2.1 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public License
20 * along with this program; if not, write to the Free Software Foundation,
21 * Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
22 *****************************************************************************/
23
24 /*****************************************************************************
25 * Preamble
26 *****************************************************************************/
27 #ifdef HAVE_CONFIG_H
28 # include "config.h"
29 #endif
30
31 #include <vlc_common.h>
32 #include <vlc_plugin.h>
33
34 #include <assert.h>
35
36 #include <vlc_access.h>
37 #include <vlc_input_item.h>
38 #include <vlc_network.h>
39 #include <vlc_url.h>
40 #include <vlc_keystore.h>
41
42 #include <libssh2.h>
43 #include <libssh2_sftp.h>
44
45
46 /*****************************************************************************
47 * Module descriptor
48 *****************************************************************************/
49 static int Open ( vlc_object_t* );
50 static void Close( vlc_object_t* );
51
52 #define PORT_TEXT N_("SFTP port")
53 #define PORT_LONGTEXT N_("SFTP port number to use on the server")
54 #define USER_TEXT N_("Username")
55 #define USER_LONGTEXT N_("Username that will be used for the connection, " \
56 "if no username is set in the URL.")
57 #define PASS_TEXT N_("Password")
58 #define PASS_LONGTEXT N_("Password that will be used for the connection, " \
59 "if no username or password are set in URL.")
60
61 vlc_module_begin ()
62 set_shortname( "SFTP" )
63 set_description( N_("SFTP input") )
64 set_capability( "access", 0 )
65 set_category( CAT_INPUT )
66 set_subcategory( SUBCAT_INPUT_ACCESS )
67 add_integer( "sftp-port", 22, PORT_TEXT, PORT_LONGTEXT, true )
68 add_string( "sftp-user", NULL, USER_TEXT, USER_LONGTEXT, false )
69 add_password("sftp-pwd", NULL, PASS_TEXT, PASS_LONGTEXT)
70 add_shortcut( "sftp" )
71 set_callbacks( Open, Close )
72 vlc_module_end ()
73
74
75 /*****************************************************************************
76 * Local prototypes
77 *****************************************************************************/
78 static ssize_t Read( stream_t *, void *, size_t );
79 static int Seek( stream_t *, uint64_t );
80 static int Control( stream_t *, int, va_list );
81
82 static int DirRead( stream_t *, input_item_node_t * );
83
84 typedef struct
85 {
86 int i_socket;
87 LIBSSH2_SESSION* ssh_session;
88 LIBSSH2_SFTP* sftp_session;
89 LIBSSH2_SFTP_HANDLE* file;
90 uint64_t filesize;
91 char *psz_base_url;
92 } access_sys_t;
93
94 static int AuthKeyAgent( stream_t *p_access, const char *psz_username )
95 {
96 access_sys_t* p_sys = p_access->p_sys;
97 int i_result = VLC_EGENERIC;
98 LIBSSH2_AGENT *p_sshagent = NULL;
99 struct libssh2_agent_publickey *p_identity = NULL,
100 *p_prev_identity = NULL;
101
102 if( !psz_username || !psz_username[0] )
103 return i_result;
104
105 p_sshagent = libssh2_agent_init( p_sys->ssh_session );
106
107 if( !p_sshagent )
108 {
109 msg_Dbg( p_access, "Failed to initialize key agent" );
110 goto bailout;
111 }
112 if( libssh2_agent_connect( p_sshagent ) )
113 {
114 msg_Dbg( p_access, "Failed to connect key agent" );
115 goto bailout;
116 }
117 if( libssh2_agent_list_identities( p_sshagent ) )
118 {
119 msg_Dbg( p_access, "Failed to request identities" );
120 goto bailout;
121 }
122
123 while( libssh2_agent_get_identity( p_sshagent, &p_identity, p_prev_identity ) == 0 )
124 {
125 msg_Dbg( p_access, "Using key %s", p_identity->comment );
126 if( libssh2_agent_userauth( p_sshagent, psz_username, p_identity ) == 0 )
127 {
128 msg_Info( p_access, "Public key agent authentication succeeded" );
129 i_result = VLC_SUCCESS;
130 goto bailout;
131 }
132 msg_Dbg( p_access, "Public key agent authentication failed" );
133 p_prev_identity = p_identity;
134 }
135
136 bailout:
137 if( p_sshagent )
138 {
139 libssh2_agent_disconnect( p_sshagent );
140 libssh2_agent_free( p_sshagent );
141 }
142 return i_result;
143 }
144
145
146 static int AuthPublicKey( stream_t *p_access, const char *psz_home, const char *psz_username )
147 {
148 access_sys_t* p_sys = p_access->p_sys;
149 int i_result = VLC_EGENERIC;
150 char *psz_keyfile1 = NULL;
151 char *psz_keyfile2 = NULL;
152
153 if( !psz_username || !psz_username[0] )
154 return i_result;
155
156 if( asprintf( &psz_keyfile1, "%s/.ssh/id_rsa.pub", psz_home ) == -1 ||
157 asprintf( &psz_keyfile2, "%s/.ssh/id_rsa", psz_home ) == -1 )
158 goto bailout;
159
160 if( libssh2_userauth_publickey_fromfile( p_sys->ssh_session, psz_username, psz_keyfile1, psz_keyfile2, NULL ) )
161 {
162 msg_Dbg( p_access, "Public key authentication failed" );
163 goto bailout;
164 }
165
166 msg_Info( p_access, "Public key authentication succeeded" );
167 i_result = VLC_SUCCESS;
168
169 bailout:
170 free( psz_keyfile1 );
171 free( psz_keyfile2 );
172 return i_result;
173 }
174
175 static void SSHSessionDestroy( stream_t *p_access )
176 {
177 access_sys_t* p_sys = p_access->p_sys;
178
179 if( p_sys->ssh_session )
180 {
181 libssh2_session_free( p_sys->ssh_session );
182 p_sys->ssh_session = NULL;
183 }
184 if( p_sys->i_socket >= 0 )
185 {
186 net_Close( p_sys->i_socket );
187 p_sys->i_socket = -1;
188 }
189 }
190
191 static int SSHSessionInit( stream_t *p_access, const char *psz_host, int i_port )
192 {
193 access_sys_t* p_sys = p_access->p_sys;
194
195 /* Connect to the server using a regular socket */
196 assert( p_sys->i_socket == -1 );
197 p_sys->i_socket = net_Connect( p_access, psz_host, i_port, SOCK_STREAM,
198 0 );
199 if( p_sys->i_socket < 0 )
200 goto error;
201
202 /* Create the ssh connexion and wait until the server answer */
203 p_sys->ssh_session = libssh2_session_init();
204 if( p_sys->ssh_session == NULL )
205 goto error;
206
207 int i_ret;
208 while( ( i_ret = libssh2_session_startup( p_sys->ssh_session, p_sys->i_socket ) )
209 == LIBSSH2_ERROR_EAGAIN );
210
211 if( i_ret != 0 )
212 goto error;
213
214 /* Set the socket in non-blocking mode */
215 libssh2_session_set_blocking( p_sys->ssh_session, 1 );
216 return VLC_SUCCESS;
217
218 error:
219 msg_Err( p_access, "Impossible to open the connection to %s:%i",
220 psz_host, i_port );
221 SSHSessionDestroy( p_access );
222 return VLC_EGENERIC;
223 }
224
225 /**
226 * Connect to the sftp server and ask for a file
227 * @param p_this: the vlc_object
228 * @return VLC_SUCCESS if everything was fine
229 */
230 static int Open( vlc_object_t* p_this )
231 {
232 stream_t* p_access = (stream_t*)p_this;
233 access_sys_t* p_sys;
234 vlc_credential credential;
235 char* psz_path = NULL;
236 char *psz_session_username = NULL;
237 char* psz_home = NULL;
238 int i_port;
239 vlc_url_t url;
240 size_t i_len;
241 int i_type;
242 int i_result = VLC_EGENERIC;
243
244 if( !p_access->psz_location )
245 return VLC_EGENERIC;
246
247 p_sys = p_access->p_sys = vlc_obj_calloc( p_this, 1, sizeof( access_sys_t ) );
248 if( !p_sys ) return VLC_ENOMEM;
249
250 p_sys->i_socket = -1;
251
252 /* Parse the URL */
253 if( vlc_UrlParseFixup( &url, p_access->psz_url ) != 0 )
254 {
255 vlc_UrlClean( &url );
256 return VLC_EGENERIC;
257 }
258 vlc_credential_init( &credential, &url );
259 if( url.psz_path != NULL )
260 {
261 psz_path = vlc_uri_decode_duplicate( url.psz_path );
262 if( psz_path == NULL )
263 goto error;
264 }
265
266 /* Check for some parameters */
267 if( EMPTY_STR( url.psz_host ) )
268 {
269 msg_Err( p_access, "Unable to extract host from %s", p_access->psz_url );
270 goto error;
271 }
272
273 if( url.i_port <= 0 )
274 i_port = var_InheritInteger( p_access, "sftp-port" );
275 else
276 i_port = url.i_port;
277
278 /* Create the ssh connexion and wait until the server answer */
279 if( SSHSessionInit( p_access, url.psz_host, i_port ) != VLC_SUCCESS )
280 goto error;
281
282 /* List the know hosts */
283 LIBSSH2_KNOWNHOSTS *ssh_knownhosts = libssh2_knownhost_init( p_sys->ssh_session );
284 if( !ssh_knownhosts )
285 goto error;
286
287 psz_home = config_GetUserDir( VLC_HOME_DIR );
288 char *psz_knownhosts_file;
289 if( asprintf( &psz_knownhosts_file, "%s/.ssh/known_hosts", psz_home ) != -1 )
290 {
291 if( libssh2_knownhost_readfile( ssh_knownhosts, psz_knownhosts_file,
292 LIBSSH2_KNOWNHOST_FILE_OPENSSH ) < 0 )
293 msg_Err( p_access, "Failure reading known_hosts '%s'", psz_knownhosts_file );
294 free( psz_knownhosts_file );
295 }
296
297 const char *fingerprint = libssh2_session_hostkey( p_sys->ssh_session, &i_len, &i_type );
298 struct libssh2_knownhost *host;
299 int knownhost_fingerprint_algo;
300
301 switch( i_type )
302 {
303 case LIBSSH2_HOSTKEY_TYPE_RSA:
304 knownhost_fingerprint_algo = LIBSSH2_KNOWNHOST_KEY_SSHRSA;
305 break;
306
307 case LIBSSH2_HOSTKEY_TYPE_DSS:
308 knownhost_fingerprint_algo = LIBSSH2_KNOWNHOST_KEY_SSHDSS;
309 break;
310 #if LIBSSH2_VERSION_NUM >= 0x010900
311 case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
312 knownhost_fingerprint_algo = LIBSSH2_KNOWNHOST_KEY_ECDSA_256;
313 break;
314
315 case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
316 knownhost_fingerprint_algo = LIBSSH2_KNOWNHOST_KEY_ECDSA_384;
317 break;
318
319 case LIBSSH2_HOSTKEY_TYPE_ECDSA_521:
320 knownhost_fingerprint_algo = LIBSSH2_KNOWNHOST_KEY_ECDSA_521;
321 break;
322 #endif
323 default:
324 msg_Err( p_access, "Host uses unrecognized session-key algorithm" );
325 libssh2_knownhost_free( ssh_knownhosts );
326 goto error;
327
328 }
329
330 #if LIBSSH2_VERSION_NUM >= 0x010206
331 int check = libssh2_knownhost_checkp( ssh_knownhosts, url.psz_host, i_port,
332 fingerprint, i_len,
333 LIBSSH2_KNOWNHOST_TYPE_PLAIN |
334 LIBSSH2_KNOWNHOST_KEYENC_RAW |
335 knownhost_fingerprint_algo,
336 &host );
337 #else
338 int check = libssh2_knownhost_check( ssh_knownhosts, url.psz_host,
339 fingerprint, i_len,
340 LIBSSH2_KNOWNHOST_TYPE_PLAIN |
341 LIBSSH2_KNOWNHOST_KEYENC_RAW |
342 knownhost_fingerprint_algo,
343 &host );
344 #endif
345
346 libssh2_knownhost_free( ssh_knownhosts );
347
348 /* Check that it does match or at least that the host is unknown */
349 switch(check)
350 {
351 case LIBSSH2_KNOWNHOST_CHECK_FAILURE:
352 case LIBSSH2_KNOWNHOST_CHECK_NOTFOUND:
353 msg_Dbg( p_access, "Unable to check the remote host" );
354 break;
355 case LIBSSH2_KNOWNHOST_CHECK_MATCH:
356 msg_Dbg( p_access, "Succesfuly matched the host" );
357 break;
358 case LIBSSH2_KNOWNHOST_CHECK_MISMATCH:
359 msg_Err( p_access, "The host does not match !! The remote key changed !!" );
360 goto error;
361 }
362
363 vlc_credential_get( &credential, p_access, "sftp-user", "sftp-pwd",
364 NULL, NULL );
365 char* psz_userauthlist = NULL;
366 bool b_publickey_tried = false;
367 do
368 {
369 if (!credential.psz_username || !credential.psz_username[0])
370 continue;
371
372 if( !psz_session_username )
373 {
374 psz_session_username = strdup( credential.psz_username );
375 psz_userauthlist =
376 libssh2_userauth_list( p_sys->ssh_session, credential.psz_username,
377 strlen( credential.psz_username ) );
378 }
379 else if( strcmp( psz_session_username, credential.psz_username ) != 0 )
380 {
381 msg_Warn( p_access, "The username changed, starting a new ssh session" );
382
383 SSHSessionDestroy( p_access );
384 if( SSHSessionInit( p_access, url.psz_host, i_port ) != VLC_SUCCESS )
385 goto error;
386
387 b_publickey_tried = false;
388 free( psz_session_username );
389 psz_session_username = strdup( credential.psz_username );
390 psz_userauthlist =
391 libssh2_userauth_list( p_sys->ssh_session, credential.psz_username,
392 strlen( credential.psz_username ) );
393 }
394 if( !psz_session_username || !psz_userauthlist )
395 goto error;
396
397 /* TODO: Follow PreferredAuthentications in ssh_config */
398
399 if( strstr( psz_userauthlist, "publickey" ) != NULL && !b_publickey_tried )
400 {
401 /* Don't try public key multiple times to avoid getting black
402 * listed */
403 b_publickey_tried = true;
404 if( AuthKeyAgent( p_access, credential.psz_username ) == VLC_SUCCESS
405 || AuthPublicKey( p_access, psz_home, credential.psz_username ) == VLC_SUCCESS )
406 break;
407 }
408
409 if( strstr( psz_userauthlist, "password" ) != NULL
410 && credential.psz_password != NULL
411 && libssh2_userauth_password( p_sys->ssh_session,
412 credential.psz_username,
413 credential.psz_password ) == 0 )
414 {
415 vlc_credential_store( &credential, p_access );
416 break;
417 }
418
419 msg_Warn( p_access, "sftp auth failed for %s", credential.psz_username );
420 } while( vlc_credential_get( &credential, p_access, "sftp-user", "sftp-pwd",
421 _("SFTP authentication"),
422 _("Please enter a valid login and password for "
423 "the sftp connexion to %s"), url.psz_host ) );
424
425 /* Create the sftp session */
426 p_sys->sftp_session = libssh2_sftp_init( p_sys->ssh_session );
427
428 if( !p_sys->sftp_session )
429 {
430 msg_Err( p_access, "Unable to initialize the SFTP session" );
431 goto error;
432 }
433
434 /* No path, default to user Home */
435 if( !psz_path )
436 {
437 const size_t i_size = 1024;
438 int i_read;
439
440 char* psz_remote_home = malloc( i_size );
441 if( !psz_remote_home )
442 goto error;
443
444 i_read = libssh2_sftp_symlink_ex( p_sys->sftp_session, ".", 1,
445 psz_remote_home, i_size - 1,
446 LIBSSH2_SFTP_REALPATH );
447 if( i_read <= 0 )
448 {
449 msg_Err( p_access, "Impossible to get the Home directory" );
450 free( psz_remote_home );
451 goto error;
452 }
453 psz_remote_home[i_read] = '\0';
454 psz_path = psz_remote_home;
455
456 /* store base url for directory read */
457 char *base = vlc_path2uri( psz_path, "sftp" );
458 if( !base )
459 goto error;
460 if( -1 == asprintf( &p_sys->psz_base_url, "sftp://%s%s", p_access->psz_location, base + 7 ) )
461 {
462 free( base );
463 goto error;
464 }
465 free( base );
466 }
467
468 /* Get some information */
469 LIBSSH2_SFTP_ATTRIBUTES attributes;
470 if( libssh2_sftp_stat( p_sys->sftp_session, psz_path, &attributes ) )
471 {
472 msg_Err( p_access, "Impossible to get information about the remote path %s", psz_path );
473 goto error;
474 }
475
476 if( !LIBSSH2_SFTP_S_ISDIR( attributes.permissions ))
477 {
478 /* Open the given file */
479 p_sys->file = libssh2_sftp_open( p_sys->sftp_session, psz_path, LIBSSH2_FXF_READ, 0 );
480 p_sys->filesize = attributes.filesize;
481
482 ACCESS_SET_CALLBACKS( Read, NULL, Control, Seek );
483 }
484 else
485 {
486 /* Open the given directory */
487 p_sys->file = libssh2_sftp_opendir( p_sys->sftp_session, psz_path );
488
489 p_access->pf_readdir = DirRead;
490 p_access->pf_control = access_vaDirectoryControlHelper;
491
492 if( !p_sys->psz_base_url )
493 {
494 if( asprintf( &p_sys->psz_base_url, "sftp://%s", p_access->psz_location ) == -1 )
495 goto error;
496
497 /* trim trailing '/' */
498 size_t len = strlen( p_sys->psz_base_url );
499 if( len > 0 && p_sys->psz_base_url[ len - 1 ] == '/' )
500 p_sys->psz_base_url[ len - 1 ] = 0;
501 }
502 }
503
504 if( !p_sys->file )
505 {
506 msg_Err( p_access, "Unable to open the remote path %s", psz_path );
507 goto error;
508 }
509
510 i_result = VLC_SUCCESS;
511
512 error:
513 free( psz_home );
514 free( psz_session_username );
515 free( psz_path );
516 vlc_credential_clean( &credential );
517 vlc_UrlClean( &url );
518 if( i_result != VLC_SUCCESS ) {
519 Close( p_this );
520 }
521 return i_result;
522 }
523
524
525 /* Close: quit the module */
526 static void Close( vlc_object_t* p_this )
527 {
528 stream_t* p_access = (stream_t*)p_this;
529 access_sys_t* p_sys = p_access->p_sys;
530
531 if( p_sys->file )
532 libssh2_sftp_close_handle( p_sys->file );
533 if( p_sys->sftp_session )
534 libssh2_sftp_shutdown( p_sys->sftp_session );
535 SSHSessionDestroy( p_access );
536
537 free( p_sys->psz_base_url );
538 }
539
540
541 static ssize_t Read( stream_t *p_access, void *buf, size_t len )
542 {
543 access_sys_t *p_sys = p_access->p_sys;
544
545 ssize_t val = libssh2_sftp_read( p_sys->file, buf, len );
546 if( val < 0 )
547 {
548 msg_Err( p_access, "read failed" );
549 return 0;
550 }
551
552 return val;
553 }
554
555
556 static int Seek( stream_t* p_access, uint64_t i_pos )
557 {
558 access_sys_t *sys = p_access->p_sys;
559
560 libssh2_sftp_seek( sys->file, i_pos );
561 return VLC_SUCCESS;
562 }
563
564
565 static int Control( stream_t* p_access, int i_query, va_list args )
566 {
567 access_sys_t *sys = p_access->p_sys;
568 bool* pb_bool;
569
570 switch( i_query )
571 {
572 case STREAM_CAN_SEEK:
573 pb_bool = va_arg( args, bool * );
574 *pb_bool = true;
575 break;
576
577 case STREAM_CAN_FASTSEEK:
578 pb_bool = va_arg( args, bool * );
579 *pb_bool = false;
580 break;
581
582 case STREAM_CAN_PAUSE:
583 case STREAM_CAN_CONTROL_PACE:
584 pb_bool = va_arg( args, bool * );
585 *pb_bool = true;
586 break;
587
588 case STREAM_GET_SIZE:
589 if( p_access->pf_readdir != NULL )
590 return VLC_EGENERIC;
591 *va_arg( args, uint64_t * ) = sys->filesize;
592 break;
593
594 case STREAM_GET_PTS_DELAY:
595 *va_arg( args, vlc_tick_t * ) =
596 VLC_TICK_FROM_MS(var_InheritInteger( p_access, "network-caching" ));
597 break;
598
599 case STREAM_SET_PAUSE_STATE:
600 break;
601
602 default:
603 return VLC_EGENERIC;
604 }
605
606 return VLC_SUCCESS;
607 }
608
609
610 /*****************************************************************************
611 * Directory access
612 *****************************************************************************/
613
614 static int DirRead (stream_t *p_access, input_item_node_t *p_current_node)
615 {
616 access_sys_t *p_sys = p_access->p_sys;
617 LIBSSH2_SFTP_ATTRIBUTES attrs;
618 int i_ret = VLC_SUCCESS;
619 int err;
620 /* Allocate 1024 bytes for file name. Longer names are skipped.
621 * libssh2 does not support seeking in directory streams.
622 * Retrying with larger buffer is possible, but would require
623 * re-opening the directory stream.
624 */
625 size_t i_size = 1024;
626 char *psz_file = malloc( i_size );
627
628 if( !psz_file )
629 return VLC_ENOMEM;
630
631 struct vlc_readdir_helper rdh;
632 vlc_readdir_helper_init( &rdh, p_access, p_current_node );
633
634 while( i_ret == VLC_SUCCESS
635 && 0 != ( err = libssh2_sftp_readdir( p_sys->file, psz_file, i_size, &attrs ) ) )
636 {
637 if( err < 0 )
638 {
639 if( err == LIBSSH2_ERROR_BUFFER_TOO_SMALL )
640 {
641 /* seeking back is not possible ... */
642 msg_Dbg( p_access, "skipped too long file name" );
643 continue;
644 }
645 if( err == LIBSSH2_ERROR_EAGAIN )
646 {
647 continue;
648 }
649 msg_Err( p_access, "directory read failed" );
650 break;
651 }
652
653 /* Create an input item for the current entry */
654
655 char *psz_full_uri, *psz_uri;
656
657 psz_uri = vlc_uri_encode( psz_file );
658 if( psz_uri == NULL )
659 {
660 i_ret = VLC_ENOMEM;
661 break;
662 }
663
664 if( asprintf( &psz_full_uri, "%s/%s", p_sys->psz_base_url, psz_uri ) == -1 )
665 {
666 free( psz_uri );
667 i_ret = VLC_ENOMEM;
668 break;
669 }
670 free( psz_uri );
671
672 int i_type = LIBSSH2_SFTP_S_ISDIR( attrs.permissions ) ? ITEM_TYPE_DIRECTORY : ITEM_TYPE_FILE;
673 i_ret = vlc_readdir_helper_additem( &rdh, psz_full_uri, NULL, psz_file,
674 i_type, ITEM_NET );
675 free( psz_full_uri );
676 }
677
678 vlc_readdir_helper_finish( &rdh, i_ret == VLC_SUCCESS );
679 free( psz_file );
680 return i_ret;
681 }
VLC Development tree mirror