/curl-7.28.0/lib/ssh.c
C | 3306 lines | 2470 code | 404 blank | 432 comment | 541 complexity | f29f1861526b8cac41100067716edfc0 MD5 | raw file
Large files files are truncated, but you can click here to view the full file
- /***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
- /* #define CURL_LIBSSH2_DEBUG */
- #include "setup.h"
- #ifdef USE_LIBSSH2
- #ifdef HAVE_LIMITS_H
- # include <limits.h>
- #endif
- #include <libssh2.h>
- #include <libssh2_sftp.h>
- #ifdef HAVE_UNISTD_H
- #include <unistd.h>
- #endif
- #ifdef HAVE_FCNTL_H
- #include <fcntl.h>
- #endif
- #ifdef HAVE_SYS_SOCKET_H
- #include <sys/socket.h>
- #endif
- #ifdef HAVE_NETINET_IN_H
- #include <netinet/in.h>
- #endif
- #ifdef HAVE_ARPA_INET_H
- #include <arpa/inet.h>
- #endif
- #ifdef HAVE_UTSNAME_H
- #include <sys/utsname.h>
- #endif
- #ifdef HAVE_NETDB_H
- #include <netdb.h>
- #endif
- #ifdef __VMS
- #include <in.h>
- #include <inet.h>
- #endif
- #if (defined(NETWARE) && defined(__NOVELL_LIBC__))
- #undef in_addr_t
- #define in_addr_t unsigned long
- #endif
- #include <curl/curl.h>
- #include "urldata.h"
- #include "sendf.h"
- #include "hostip.h"
- #include "progress.h"
- #include "transfer.h"
- #include "escape.h"
- #include "http.h" /* for HTTP proxy tunnel stuff */
- #include "ssh.h"
- #include "url.h"
- #include "speedcheck.h"
- #include "getinfo.h"
- #include "strequal.h"
- #include "sslgen.h"
- #include "connect.h"
- #include "strerror.h"
- #include "inet_ntop.h"
- #include "parsedate.h" /* for the week day and month names */
- #include "sockaddr.h" /* required for Curl_sockaddr_storage */
- #include "strtoofft.h"
- #include "multiif.h"
- #include "select.h"
- #include "warnless.h"
- #define _MPRINTF_REPLACE /* use our functions only */
- #include <curl/mprintf.h>
- #include "curl_memory.h"
- /* The last #include file should be: */
- #include "memdebug.h"
- #ifdef WIN32
- # undef PATH_MAX
- # define PATH_MAX MAX_PATH
- #endif
- #ifndef PATH_MAX
- #define PATH_MAX 1024 /* just an extra precaution since there are systems that
- have their definition hidden well */
- #endif
- #define sftp_libssh2_last_error(s) curlx_ultosi(libssh2_sftp_last_error(s))
- #define sftp_libssh2_realpath(s,p,t,m) \
- libssh2_sftp_symlink_ex((s), (p), curlx_uztoui(strlen(p)), \
- (t), (m), LIBSSH2_SFTP_REALPATH)
- /* Local functions: */
- static const char *sftp_libssh2_strerror(int err);
- static LIBSSH2_ALLOC_FUNC(my_libssh2_malloc);
- static LIBSSH2_REALLOC_FUNC(my_libssh2_realloc);
- static LIBSSH2_FREE_FUNC(my_libssh2_free);
- static CURLcode get_pathname(const char **cpp, char **path);
- static CURLcode ssh_connect(struct connectdata *conn, bool *done);
- static CURLcode ssh_multi_statemach(struct connectdata *conn, bool *done);
- static CURLcode ssh_do(struct connectdata *conn, bool *done);
- static CURLcode ssh_getworkingpath(struct connectdata *conn,
- char *homedir, /* when SFTP is used */
- char **path);
- static CURLcode scp_done(struct connectdata *conn,
- CURLcode, bool premature);
- static CURLcode scp_doing(struct connectdata *conn,
- bool *dophase_done);
- static CURLcode scp_disconnect(struct connectdata *conn, bool dead_connection);
- static CURLcode sftp_done(struct connectdata *conn,
- CURLcode, bool premature);
- static CURLcode sftp_doing(struct connectdata *conn,
- bool *dophase_done);
- static CURLcode sftp_disconnect(struct connectdata *conn, bool dead);
- static
- CURLcode sftp_perform(struct connectdata *conn,
- bool *connected,
- bool *dophase_done);
- static int ssh_getsock(struct connectdata *conn,
- curl_socket_t *sock, /* points to numsocks number
- of sockets */
- int numsocks);
- static int ssh_perform_getsock(const struct connectdata *conn,
- curl_socket_t *sock, /* points to numsocks
- number of sockets */
- int numsocks);
- /*
- * SCP protocol handler.
- */
- const struct Curl_handler Curl_handler_scp = {
- "SCP", /* scheme */
- ZERO_NULL, /* setup_connection */
- ssh_do, /* do_it */
- scp_done, /* done */
- ZERO_NULL, /* do_more */
- ssh_connect, /* connect_it */
- ssh_multi_statemach, /* connecting */
- scp_doing, /* doing */
- ssh_getsock, /* proto_getsock */
- ssh_getsock, /* doing_getsock */
- ZERO_NULL, /* domore_getsock */
- ssh_perform_getsock, /* perform_getsock */
- scp_disconnect, /* disconnect */
- ZERO_NULL, /* readwrite */
- PORT_SSH, /* defport */
- CURLPROTO_SCP, /* protocol */
- PROTOPT_DIRLOCK | PROTOPT_CLOSEACTION
- | PROTOPT_NOURLQUERY /* flags */
- };
- /*
- * SFTP protocol handler.
- */
- const struct Curl_handler Curl_handler_sftp = {
- "SFTP", /* scheme */
- ZERO_NULL, /* setup_connection */
- ssh_do, /* do_it */
- sftp_done, /* done */
- ZERO_NULL, /* do_more */
- ssh_connect, /* connect_it */
- ssh_multi_statemach, /* connecting */
- sftp_doing, /* doing */
- ssh_getsock, /* proto_getsock */
- ssh_getsock, /* doing_getsock */
- ZERO_NULL, /* domore_getsock */
- ssh_perform_getsock, /* perform_getsock */
- sftp_disconnect, /* disconnect */
- ZERO_NULL, /* readwrite */
- PORT_SSH, /* defport */
- CURLPROTO_SFTP, /* protocol */
- PROTOPT_DIRLOCK | PROTOPT_CLOSEACTION
- | PROTOPT_NOURLQUERY /* flags */
- };
- static void
- kbd_callback(const char *name, int name_len, const char *instruction,
- int instruction_len, int num_prompts,
- const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts,
- LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses,
- void **abstract)
- {
- struct connectdata *conn = (struct connectdata *)*abstract;
- #ifdef CURL_LIBSSH2_DEBUG
- fprintf(stderr, "name=%s\n", name);
- fprintf(stderr, "name_len=%d\n", name_len);
- fprintf(stderr, "instruction=%s\n", instruction);
- fprintf(stderr, "instruction_len=%d\n", instruction_len);
- fprintf(stderr, "num_prompts=%d\n", num_prompts);
- #else
- (void)name;
- (void)name_len;
- (void)instruction;
- (void)instruction_len;
- #endif /* CURL_LIBSSH2_DEBUG */
- if(num_prompts == 1) {
- responses[0].text = strdup(conn->passwd);
- responses[0].length = curlx_uztoui(strlen(conn->passwd));
- }
- (void)prompts;
- (void)abstract;
- } /* kbd_callback */
- static CURLcode sftp_libssh2_error_to_CURLE(int err)
- {
- switch (err) {
- case LIBSSH2_FX_OK:
- return CURLE_OK;
- case LIBSSH2_FX_NO_SUCH_FILE:
- case LIBSSH2_FX_NO_SUCH_PATH:
- return CURLE_REMOTE_FILE_NOT_FOUND;
- case LIBSSH2_FX_PERMISSION_DENIED:
- case LIBSSH2_FX_WRITE_PROTECT:
- case LIBSSH2_FX_LOCK_CONFlICT:
- return CURLE_REMOTE_ACCESS_DENIED;
- case LIBSSH2_FX_NO_SPACE_ON_FILESYSTEM:
- case LIBSSH2_FX_QUOTA_EXCEEDED:
- return CURLE_REMOTE_DISK_FULL;
- case LIBSSH2_FX_FILE_ALREADY_EXISTS:
- return CURLE_REMOTE_FILE_EXISTS;
- case LIBSSH2_FX_DIR_NOT_EMPTY:
- return CURLE_QUOTE_ERROR;
- default:
- break;
- }
- return CURLE_SSH;
- }
- static CURLcode libssh2_session_error_to_CURLE(int err)
- {
- switch (err) {
- /* Ordered by order of appearance in libssh2.h */
- case LIBSSH2_ERROR_NONE:
- return CURLE_OK;
- case LIBSSH2_ERROR_SOCKET_NONE:
- return CURLE_COULDNT_CONNECT;
- case LIBSSH2_ERROR_ALLOC:
- return CURLE_OUT_OF_MEMORY;
- case LIBSSH2_ERROR_SOCKET_SEND:
- return CURLE_SEND_ERROR;
- case LIBSSH2_ERROR_HOSTKEY_INIT:
- case LIBSSH2_ERROR_HOSTKEY_SIGN:
- case LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED:
- case LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED:
- return CURLE_PEER_FAILED_VERIFICATION;
- case LIBSSH2_ERROR_PASSWORD_EXPIRED:
- return CURLE_LOGIN_DENIED;
- case LIBSSH2_ERROR_SOCKET_TIMEOUT:
- case LIBSSH2_ERROR_TIMEOUT:
- return CURLE_OPERATION_TIMEDOUT;
- case LIBSSH2_ERROR_EAGAIN:
- return CURLE_AGAIN;
- }
- /* TODO: map some more of the libssh2 errors to the more appropriate CURLcode
- error code, and possibly add a few new SSH-related one. We must however
- not return or even depend on libssh2 errors in the public libcurl API */
- return CURLE_SSH;
- }
- static LIBSSH2_ALLOC_FUNC(my_libssh2_malloc)
- {
- (void)abstract; /* arg not used */
- return malloc(count);
- }
- static LIBSSH2_REALLOC_FUNC(my_libssh2_realloc)
- {
- (void)abstract; /* arg not used */
- return realloc(ptr, count);
- }
- static LIBSSH2_FREE_FUNC(my_libssh2_free)
- {
- (void)abstract; /* arg not used */
- if(ptr) /* ssh2 agent sometimes call free with null ptr */
- free(ptr);
- }
- /*
- * SSH State machine related code
- */
- /* This is the ONLY way to change SSH state! */
- static void state(struct connectdata *conn, sshstate nowstate)
- {
- #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
- /* for debug purposes */
- static const char * const names[] = {
- "SSH_STOP",
- "SSH_INIT",
- "SSH_S_STARTUP",
- "SSH_HOSTKEY",
- "SSH_AUTHLIST",
- "SSH_AUTH_PKEY_INIT",
- "SSH_AUTH_PKEY",
- "SSH_AUTH_PASS_INIT",
- "SSH_AUTH_PASS",
- "SSH_AUTH_AGENT_INIT",
- "SSH_AUTH_AGENT_LIST",
- "SSH_AUTH_AGENT",
- "SSH_AUTH_HOST_INIT",
- "SSH_AUTH_HOST",
- "SSH_AUTH_KEY_INIT",
- "SSH_AUTH_KEY",
- "SSH_AUTH_DONE",
- "SSH_SFTP_INIT",
- "SSH_SFTP_REALPATH",
- "SSH_SFTP_QUOTE_INIT",
- "SSH_SFTP_POSTQUOTE_INIT",
- "SSH_SFTP_QUOTE",
- "SSH_SFTP_NEXT_QUOTE",
- "SSH_SFTP_QUOTE_STAT",
- "SSH_SFTP_QUOTE_SETSTAT",
- "SSH_SFTP_QUOTE_SYMLINK",
- "SSH_SFTP_QUOTE_MKDIR",
- "SSH_SFTP_QUOTE_RENAME",
- "SSH_SFTP_QUOTE_RMDIR",
- "SSH_SFTP_QUOTE_UNLINK",
- "SSH_SFTP_TRANS_INIT",
- "SSH_SFTP_UPLOAD_INIT",
- "SSH_SFTP_CREATE_DIRS_INIT",
- "SSH_SFTP_CREATE_DIRS",
- "SSH_SFTP_CREATE_DIRS_MKDIR",
- "SSH_SFTP_READDIR_INIT",
- "SSH_SFTP_READDIR",
- "SSH_SFTP_READDIR_LINK",
- "SSH_SFTP_READDIR_BOTTOM",
- "SSH_SFTP_READDIR_DONE",
- "SSH_SFTP_DOWNLOAD_INIT",
- "SSH_SFTP_DOWNLOAD_STAT",
- "SSH_SFTP_CLOSE",
- "SSH_SFTP_SHUTDOWN",
- "SSH_SCP_TRANS_INIT",
- "SSH_SCP_UPLOAD_INIT",
- "SSH_SCP_DOWNLOAD_INIT",
- "SSH_SCP_DONE",
- "SSH_SCP_SEND_EOF",
- "SSH_SCP_WAIT_EOF",
- "SSH_SCP_WAIT_CLOSE",
- "SSH_SCP_CHANNEL_FREE",
- "SSH_SESSION_DISCONNECT",
- "SSH_SESSION_FREE",
- "QUIT"
- };
- #endif
- struct ssh_conn *sshc = &conn->proto.sshc;
- #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
- if(sshc->state != nowstate) {
- infof(conn->data, "SFTP %p state change from %s to %s\n",
- sshc, names[sshc->state], names[nowstate]);
- }
- #endif
- sshc->state = nowstate;
- }
- /* figure out the path to work with in this particular request */
- static CURLcode ssh_getworkingpath(struct connectdata *conn,
- char *homedir, /* when SFTP is used */
- char **path) /* returns the allocated
- real path to work with */
- {
- struct SessionHandle *data = conn->data;
- char *real_path = NULL;
- char *working_path;
- int working_path_len;
- working_path = curl_easy_unescape(data, data->state.path, 0,
- &working_path_len);
- if(!working_path)
- return CURLE_OUT_OF_MEMORY;
- /* Check for /~/ , indicating relative to the user's home directory */
- if(conn->handler->protocol & CURLPROTO_SCP) {
- real_path = malloc(working_path_len+1);
- if(real_path == NULL) {
- free(working_path);
- return CURLE_OUT_OF_MEMORY;
- }
- if((working_path_len > 1) && (working_path[1] == '~'))
- /* It is referenced to the home directory, so strip the leading '/' */
- memcpy(real_path, working_path+1, 1 + working_path_len-1);
- else
- memcpy(real_path, working_path, 1 + working_path_len);
- }
- else if(conn->handler->protocol & CURLPROTO_SFTP) {
- if((working_path_len > 1) && (working_path[1] == '~')) {
- size_t homelen = strlen(homedir);
- real_path = malloc(homelen + working_path_len + 1);
- if(real_path == NULL) {
- free(working_path);
- return CURLE_OUT_OF_MEMORY;
- }
- /* It is referenced to the home directory, so strip the
- leading '/' */
- memcpy(real_path, homedir, homelen);
- real_path[homelen] = '/';
- real_path[homelen+1] = '\0';
- if(working_path_len > 3) {
- memcpy(real_path+homelen+1, working_path + 3,
- 1 + working_path_len -3);
- }
- }
- else {
- real_path = malloc(working_path_len+1);
- if(real_path == NULL) {
- free(working_path);
- return CURLE_OUT_OF_MEMORY;
- }
- memcpy(real_path, working_path, 1+working_path_len);
- }
- }
- free(working_path);
- /* store the pointer for the caller to receive */
- *path = real_path;
- return CURLE_OK;
- }
- #ifdef HAVE_LIBSSH2_KNOWNHOST_API
- static int sshkeycallback(CURL *easy,
- const struct curl_khkey *knownkey, /* known */
- const struct curl_khkey *foundkey, /* found */
- enum curl_khmatch match,
- void *clientp)
- {
- (void)easy;
- (void)knownkey;
- (void)foundkey;
- (void)clientp;
- /* we only allow perfect matches, and we reject everything else */
- return (match != CURLKHMATCH_OK)?CURLKHSTAT_REJECT:CURLKHSTAT_FINE;
- }
- #endif
- /*
- * Earlier libssh2 versions didn't have the ability to seek to 64bit positions
- * with 32bit size_t.
- */
- #ifdef HAVE_LIBSSH2_SFTP_SEEK64
- #define SFTP_SEEK(x,y) libssh2_sftp_seek64(x, (libssh2_uint64_t)y)
- #else
- #define SFTP_SEEK(x,y) libssh2_sftp_seek(x, (size_t)y)
- #endif
- /*
- * Earlier libssh2 versions didn't do SCP properly beyond 32bit sizes on 32bit
- * architectures so we check of the necessary function is present.
- */
- #ifndef HAVE_LIBSSH2_SCP_SEND64
- #define SCP_SEND(a,b,c,d) libssh2_scp_send_ex(a, b, (int)(c), (size_t)d, 0, 0)
- #else
- #define SCP_SEND(a,b,c,d) libssh2_scp_send64(a, b, (int)(c), \
- (libssh2_uint64_t)d, 0, 0)
- #endif
- /*
- * libssh2 1.2.8 fixed the problem with 32bit ints used for sockets on win64.
- */
- #ifdef HAVE_LIBSSH2_SESSION_HANDSHAKE
- #define libssh2_session_startup(x,y) libssh2_session_handshake(x,y)
- #endif
- static CURLcode ssh_knownhost(struct connectdata *conn)
- {
- CURLcode result = CURLE_OK;
- #ifdef HAVE_LIBSSH2_KNOWNHOST_API
- struct SessionHandle *data = conn->data;
- if(data->set.str[STRING_SSH_KNOWNHOSTS]) {
- /* we're asked to verify the host against a file */
- struct ssh_conn *sshc = &conn->proto.sshc;
- int rc;
- int keytype;
- size_t keylen;
- const char *remotekey = libssh2_session_hostkey(sshc->ssh_session,
- &keylen, &keytype);
- int keycheck = LIBSSH2_KNOWNHOST_CHECK_FAILURE;
- int keybit = 0;
- if(remotekey) {
- /*
- * A subject to figure out is what host name we need to pass in here.
- * What host name does OpenSSH store in its file if an IDN name is
- * used?
- */
- struct libssh2_knownhost *host;
- enum curl_khmatch keymatch;
- curl_sshkeycallback func =
- data->set.ssh_keyfunc?data->set.ssh_keyfunc:sshkeycallback;
- struct curl_khkey knownkey;
- struct curl_khkey *knownkeyp = NULL;
- struct curl_khkey foundkey;
- keybit = (keytype == LIBSSH2_HOSTKEY_TYPE_RSA)?
- LIBSSH2_KNOWNHOST_KEY_SSHRSA:LIBSSH2_KNOWNHOST_KEY_SSHDSS;
- keycheck = libssh2_knownhost_check(sshc->kh,
- conn->host.name,
- remotekey, keylen,
- LIBSSH2_KNOWNHOST_TYPE_PLAIN|
- LIBSSH2_KNOWNHOST_KEYENC_RAW|
- keybit,
- &host);
- infof(data, "SSH host check: %d, key: %s\n", keycheck,
- (keycheck <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH)?
- host->key:"<none>");
- /* setup 'knownkey' */
- if(keycheck <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH) {
- knownkey.key = host->key;
- knownkey.len = 0;
- knownkey.keytype = (keytype == LIBSSH2_HOSTKEY_TYPE_RSA)?
- CURLKHTYPE_RSA : CURLKHTYPE_DSS;
- knownkeyp = &knownkey;
- }
- /* setup 'foundkey' */
- foundkey.key = remotekey;
- foundkey.len = keylen;
- foundkey.keytype = (keytype == LIBSSH2_HOSTKEY_TYPE_RSA)?
- CURLKHTYPE_RSA : CURLKHTYPE_DSS;
- /*
- * if any of the LIBSSH2_KNOWNHOST_CHECK_* defines and the
- * curl_khmatch enum are ever modified, we need to introduce a
- * translation table here!
- */
- keymatch = (enum curl_khmatch)keycheck;
- /* Ask the callback how to behave */
- rc = func(data, knownkeyp, /* from the knownhosts file */
- &foundkey, /* from the remote host */
- keymatch, data->set.ssh_keyfunc_userp);
- }
- else
- /* no remotekey means failure! */
- rc = CURLKHSTAT_REJECT;
- switch(rc) {
- default: /* unknown return codes will equal reject */
- case CURLKHSTAT_REJECT:
- state(conn, SSH_SESSION_FREE);
- case CURLKHSTAT_DEFER:
- /* DEFER means bail out but keep the SSH_HOSTKEY state */
- result = sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
- break;
- case CURLKHSTAT_FINE:
- case CURLKHSTAT_FINE_ADD_TO_FILE:
- /* proceed */
- if(keycheck != LIBSSH2_KNOWNHOST_CHECK_MATCH) {
- /* the found host+key didn't match but has been told to be fine
- anyway so we add it in memory */
- int addrc = libssh2_knownhost_add(sshc->kh,
- conn->host.name, NULL,
- remotekey, keylen,
- LIBSSH2_KNOWNHOST_TYPE_PLAIN|
- LIBSSH2_KNOWNHOST_KEYENC_RAW|
- keybit, NULL);
- if(addrc)
- infof(data, "Warning adding the known host %s failed!\n",
- conn->host.name);
- else if(rc == CURLKHSTAT_FINE_ADD_TO_FILE) {
- /* now we write the entire in-memory list of known hosts to the
- known_hosts file */
- int wrc =
- libssh2_knownhost_writefile(sshc->kh,
- data->set.str[STRING_SSH_KNOWNHOSTS],
- LIBSSH2_KNOWNHOST_FILE_OPENSSH);
- if(wrc) {
- infof(data, "Warning, writing %s failed!\n",
- data->set.str[STRING_SSH_KNOWNHOSTS]);
- }
- }
- }
- break;
- }
- }
- #else /* HAVE_LIBSSH2_KNOWNHOST_API */
- (void)conn;
- #endif
- return result;
- }
- static CURLcode ssh_check_fingerprint(struct connectdata *conn)
- {
- struct ssh_conn *sshc = &conn->proto.sshc;
- struct SessionHandle *data = conn->data;
- const char *pubkey_md5 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5];
- char md5buffer[33];
- int i;
- const char *fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
- LIBSSH2_HOSTKEY_HASH_MD5);
- if(fingerprint) {
- /* The fingerprint points to static storage (!), don't free() it. */
- for(i = 0; i < 16; i++)
- snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
- infof(data, "SSH MD5 fingerprint: %s\n", md5buffer);
- }
- /* Before we authenticate we check the hostkey's MD5 fingerprint
- * against a known fingerprint, if available.
- */
- if(pubkey_md5 && strlen(pubkey_md5) == 32) {
- if(!fingerprint || !strequal(md5buffer, pubkey_md5)) {
- if(fingerprint)
- failf(data,
- "Denied establishing ssh session: mismatch md5 fingerprint. "
- "Remote %s is not equal to %s", md5buffer, pubkey_md5);
- else
- failf(data,
- "Denied establishing ssh session: md5 fingerprint not available");
- state(conn, SSH_SESSION_FREE);
- sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
- return sshc->actualcode;
- }
- else {
- infof(data, "MD5 checksum match!\n");
- /* as we already matched, we skip the check for known hosts */
- return CURLE_OK;
- }
- }
- else
- return ssh_knownhost(conn);
- }
- /*
- * ssh_statemach_act() runs the SSH state machine as far as it can without
- * blocking and without reaching the end. The data the pointer 'block' points
- * to will be set to TRUE if the libssh2 function returns LIBSSH2_ERROR_EAGAIN
- * meaning it wants to be called again when the socket is ready
- */
- static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
- {
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- struct SSHPROTO *sftp_scp = data->state.proto.ssh;
- struct ssh_conn *sshc = &conn->proto.sshc;
- curl_socket_t sock = conn->sock[FIRSTSOCKET];
- char *new_readdir_line;
- int rc = LIBSSH2_ERROR_NONE;
- int err;
- int seekerr = CURL_SEEKFUNC_OK;
- *block = 0; /* we're not blocking by default */
- do {
- switch(sshc->state) {
- case SSH_INIT:
- sshc->secondCreateDirs = 0;
- sshc->nextstate = SSH_NO_STATE;
- sshc->actualcode = CURLE_OK;
- /* Set libssh2 to non-blocking, since everything internally is
- non-blocking */
- libssh2_session_set_blocking(sshc->ssh_session, 0);
- state(conn, SSH_S_STARTUP);
- /* fall-through */
- case SSH_S_STARTUP:
- rc = libssh2_session_startup(sshc->ssh_session, (int)sock);
- if(rc == LIBSSH2_ERROR_EAGAIN) {
- break;
- }
- else if(rc) {
- failf(data, "Failure establishing ssh session");
- state(conn, SSH_SESSION_FREE);
- sshc->actualcode = CURLE_FAILED_INIT;
- break;
- }
- state(conn, SSH_HOSTKEY);
- /* fall-through */
- case SSH_HOSTKEY:
- /*
- * Before we authenticate we should check the hostkey's fingerprint
- * against our known hosts. How that is handled (reading from file,
- * whatever) is up to us.
- */
- result = ssh_check_fingerprint(conn);
- if(result == CURLE_OK)
- state(conn, SSH_AUTHLIST);
- break;
- case SSH_AUTHLIST:
- /*
- * Figure out authentication methods
- * NB: As soon as we have provided a username to an openssh server we
- * must never change it later. Thus, always specify the correct username
- * here, even though the libssh2 docs kind of indicate that it should be
- * possible to get a 'generic' list (not user-specific) of authentication
- * methods, presumably with a blank username. That won't work in my
- * experience.
- * So always specify it here.
- */
- sshc->authlist = libssh2_userauth_list(sshc->ssh_session,
- conn->user,
- curlx_uztoui(strlen(conn->user)));
- if(!sshc->authlist) {
- if((err = libssh2_session_last_errno(sshc->ssh_session)) ==
- LIBSSH2_ERROR_EAGAIN) {
- rc = LIBSSH2_ERROR_EAGAIN;
- break;
- }
- else {
- state(conn, SSH_SESSION_FREE);
- sshc->actualcode = libssh2_session_error_to_CURLE(err);
- break;
- }
- }
- infof(data, "SSH authentication methods available: %s\n",
- sshc->authlist);
- state(conn, SSH_AUTH_PKEY_INIT);
- break;
- case SSH_AUTH_PKEY_INIT:
- /*
- * Check the supported auth types in the order I feel is most secure
- * with the requested type of authentication
- */
- sshc->authed = FALSE;
- if((data->set.ssh_auth_types & CURLSSH_AUTH_PUBLICKEY) &&
- (strstr(sshc->authlist, "publickey") != NULL)) {
- char *home = NULL;
- bool rsa_pub_empty_but_ok = FALSE;
- sshc->rsa_pub = sshc->rsa = NULL;
- /* To ponder about: should really the lib be messing about with the
- HOME environment variable etc? */
- home = curl_getenv("HOME");
- if(data->set.str[STRING_SSH_PUBLIC_KEY] &&
- !*data->set.str[STRING_SSH_PUBLIC_KEY])
- rsa_pub_empty_but_ok = true;
- else if(data->set.str[STRING_SSH_PUBLIC_KEY])
- sshc->rsa_pub = aprintf("%s", data->set.str[STRING_SSH_PUBLIC_KEY]);
- else if(home)
- sshc->rsa_pub = aprintf("%s/.ssh/id_dsa.pub", home);
- else
- /* as a final resort, try current dir! */
- sshc->rsa_pub = strdup("id_dsa.pub");
- if(!rsa_pub_empty_but_ok && (sshc->rsa_pub == NULL)) {
- Curl_safefree(home);
- state(conn, SSH_SESSION_FREE);
- sshc->actualcode = CURLE_OUT_OF_MEMORY;
- break;
- }
- if(data->set.str[STRING_SSH_PRIVATE_KEY])
- sshc->rsa = aprintf("%s", data->set.str[STRING_SSH_PRIVATE_KEY]);
- else if(home)
- sshc->rsa = aprintf("%s/.ssh/id_dsa", home);
- else
- /* as a final resort, try current dir! */
- sshc->rsa = strdup("id_dsa");
- if(sshc->rsa == NULL) {
- Curl_safefree(home);
- Curl_safefree(sshc->rsa_pub);
- state(conn, SSH_SESSION_FREE);
- sshc->actualcode = CURLE_OUT_OF_MEMORY;
- break;
- }
- sshc->passphrase = data->set.str[STRING_KEY_PASSWD];
- if(!sshc->passphrase)
- sshc->passphrase = "";
- Curl_safefree(home);
- infof(data, "Using ssh public key file %s\n", sshc->rsa_pub);
- infof(data, "Using ssh private key file %s\n", sshc->rsa);
- state(conn, SSH_AUTH_PKEY);
- }
- else {
- state(conn, SSH_AUTH_PASS_INIT);
- }
- break;
- case SSH_AUTH_PKEY:
- /* The function below checks if the files exists, no need to stat() here.
- */
- rc = libssh2_userauth_publickey_fromfile_ex(sshc->ssh_session,
- conn->user,
- curlx_uztoui(
- strlen(conn->user)),
- sshc->rsa_pub,
- sshc->rsa, sshc->passphrase);
- if(rc == LIBSSH2_ERROR_EAGAIN) {
- break;
- }
- Curl_safefree(sshc->rsa_pub);
- Curl_safefree(sshc->rsa);
- if(rc == 0) {
- sshc->authed = TRUE;
- infof(data, "Initialized SSH public key authentication\n");
- state(conn, SSH_AUTH_DONE);
- }
- else {
- char *err_msg;
- (void)libssh2_session_last_error(sshc->ssh_session,
- &err_msg, NULL, 0);
- infof(data, "SSH public key authentication failed: %s\n", err_msg);
- state(conn, SSH_AUTH_PASS_INIT);
- }
- break;
- case SSH_AUTH_PASS_INIT:
- if((data->set.ssh_auth_types & CURLSSH_AUTH_PASSWORD) &&
- (strstr(sshc->authlist, "password") != NULL)) {
- state(conn, SSH_AUTH_PASS);
- }
- else {
- state(conn, SSH_AUTH_HOST_INIT);
- }
- break;
- case SSH_AUTH_PASS:
- rc = libssh2_userauth_password_ex(sshc->ssh_session, conn->user,
- curlx_uztoui(strlen(conn->user)),
- conn->passwd,
- curlx_uztoui(strlen(conn->passwd)),
- NULL);
- if(rc == LIBSSH2_ERROR_EAGAIN) {
- break;
- }
- else if(rc == 0) {
- sshc->authed = TRUE;
- infof(data, "Initialized password authentication\n");
- state(conn, SSH_AUTH_DONE);
- }
- else {
- state(conn, SSH_AUTH_HOST_INIT);
- }
- break;
- case SSH_AUTH_HOST_INIT:
- if((data->set.ssh_auth_types & CURLSSH_AUTH_HOST) &&
- (strstr(sshc->authlist, "hostbased") != NULL)) {
- state(conn, SSH_AUTH_HOST);
- }
- else {
- state(conn, SSH_AUTH_AGENT_INIT);
- }
- break;
- case SSH_AUTH_HOST:
- state(conn, SSH_AUTH_AGENT_INIT);
- break;
- case SSH_AUTH_AGENT_INIT:
- #ifdef HAVE_LIBSSH2_AGENT_API
- if((data->set.ssh_auth_types & CURLSSH_AUTH_AGENT)
- && (strstr(sshc->authlist, "publickey") != NULL)) {
- /* Connect to the ssh-agent */
- /* The agent could be shared by a curl thread i believe
- but nothing obvious as keys can be added/removed at any time */
- if(!sshc->ssh_agent) {
- sshc->ssh_agent = libssh2_agent_init(sshc->ssh_session);
- if(!sshc->ssh_agent) {
- infof(data, "Could not create agent object\n");
- state(conn, SSH_AUTH_KEY_INIT);
- }
- }
- rc = libssh2_agent_connect(sshc->ssh_agent);
- if(rc == LIBSSH2_ERROR_EAGAIN)
- break;
- if(rc < 0) {
- infof(data, "Failure connecting to agent\n");
- state(conn, SSH_AUTH_KEY_INIT);
- }
- else {
- state(conn, SSH_AUTH_AGENT_LIST);
- }
- }
- else
- #endif /* HAVE_LIBSSH2_AGENT_API */
- state(conn, SSH_AUTH_KEY_INIT);
- break;
- case SSH_AUTH_AGENT_LIST:
- #ifdef HAVE_LIBSSH2_AGENT_API
- rc = libssh2_agent_list_identities(sshc->ssh_agent);
- if(rc == LIBSSH2_ERROR_EAGAIN)
- break;
- if(rc < 0) {
- infof(data, "Failure requesting identities to agent\n");
- state(conn, SSH_AUTH_KEY_INIT);
- }
- else {
- state(conn, SSH_AUTH_AGENT);
- sshc->sshagent_prev_identity = NULL;
- }
- #endif
- break;
- case SSH_AUTH_AGENT:
- #ifdef HAVE_LIBSSH2_AGENT_API
- /* as prev_identity evolves only after an identity user auth finished we
- can safely request it again as long as EAGAIN is returned here or by
- libssh2_agent_userauth */
- rc = libssh2_agent_get_identity(sshc->ssh_agent,
- &sshc->sshagent_identity,
- sshc->sshagent_prev_identity);
- if(rc == LIBSSH2_ERROR_EAGAIN)
- break;
- if(rc == 0) {
- rc = libssh2_agent_userauth(sshc->ssh_agent, conn->user,
- sshc->sshagent_identity);
- if(rc < 0) {
- if(rc != LIBSSH2_ERROR_EAGAIN) {
- /* tried and failed? go to next identity */
- sshc->sshagent_prev_identity = sshc->sshagent_identity;
- }
- break;
- }
- }
- if(rc < 0)
- infof(data, "Failure requesting identities to agent\n");
- else if(rc == 1)
- infof(data, "No identity would match\n");
- if(rc == LIBSSH2_ERROR_NONE) {
- sshc->authed = TRUE;
- infof(data, "Agent based authentication successful\n");
- state(conn, SSH_AUTH_DONE);
- }
- else
- state(conn, SSH_AUTH_KEY_INIT);
- #endif
- break;
- case SSH_AUTH_KEY_INIT:
- if((data->set.ssh_auth_types & CURLSSH_AUTH_KEYBOARD)
- && (strstr(sshc->authlist, "keyboard-interactive") != NULL)) {
- state(conn, SSH_AUTH_KEY);
- }
- else {
- state(conn, SSH_AUTH_DONE);
- }
- break;
- case SSH_AUTH_KEY:
- /* Authentication failed. Continue with keyboard-interactive now. */
- rc = libssh2_userauth_keyboard_interactive_ex(sshc->ssh_session,
- conn->user,
- curlx_uztoui(
- strlen(conn->user)),
- &kbd_callback);
- if(rc == LIBSSH2_ERROR_EAGAIN) {
- break;
- }
- else if(rc == 0) {
- sshc->authed = TRUE;
- infof(data, "Initialized keyboard interactive authentication\n");
- }
- state(conn, SSH_AUTH_DONE);
- break;
- case SSH_AUTH_DONE:
- if(!sshc->authed) {
- failf(data, "Authentication failure");
- state(conn, SSH_SESSION_FREE);
- sshc->actualcode = CURLE_LOGIN_DENIED;
- break;
- }
- /*
- * At this point we have an authenticated ssh session.
- */
- infof(data, "Authentication complete\n");
- Curl_pgrsTime(conn->data, TIMER_APPCONNECT); /* SSH is connected */
- conn->sockfd = sock;
- conn->writesockfd = CURL_SOCKET_BAD;
- if(conn->handler->protocol == CURLPROTO_SFTP) {
- state(conn, SSH_SFTP_INIT);
- break;
- }
- infof(data, "SSH CONNECT phase done\n");
- state(conn, SSH_STOP);
- break;
- case SSH_SFTP_INIT:
- /*
- * Start the libssh2 sftp session
- */
- sshc->sftp_session = libssh2_sftp_init(sshc->ssh_session);
- if(!sshc->sftp_session) {
- if(libssh2_session_last_errno(sshc->ssh_session) ==
- LIBSSH2_ERROR_EAGAIN) {
- rc = LIBSSH2_ERROR_EAGAIN;
- break;
- }
- else {
- char *err_msg;
- (void)libssh2_session_last_error(sshc->ssh_session,
- &err_msg, NULL, 0);
- failf(data, "Failure initializing sftp session: %s", err_msg);
- state(conn, SSH_SESSION_FREE);
- sshc->actualcode = CURLE_FAILED_INIT;
- break;
- }
- }
- state(conn, SSH_SFTP_REALPATH);
- break;
- case SSH_SFTP_REALPATH:
- {
- char tempHome[PATH_MAX];
- /*
- * Get the "home" directory
- */
- rc = sftp_libssh2_realpath(sshc->sftp_session, ".",
- tempHome, PATH_MAX-1);
- if(rc == LIBSSH2_ERROR_EAGAIN) {
- break;
- }
- else if(rc > 0) {
- /* It seems that this string is not always NULL terminated */
- tempHome[rc] = '\0';
- sshc->homedir = strdup(tempHome);
- if(!sshc->homedir) {
- state(conn, SSH_SFTP_CLOSE);
- sshc->actualcode = CURLE_OUT_OF_MEMORY;
- break;
- }
- conn->data->state.most_recent_ftp_entrypath = sshc->homedir;
- }
- else {
- /* Return the error type */
- err = sftp_libssh2_last_error(sshc->sftp_session);
- result = sftp_libssh2_error_to_CURLE(err);
- sshc->actualcode = result?result:CURLE_SSH;
- DEBUGF(infof(data, "error = %d makes libcurl = %d\n",
- err, (int)result));
- state(conn, SSH_STOP);
- break;
- }
- }
- /* This is the last step in the SFTP connect phase. Do note that while
- we get the homedir here, we get the "workingpath" in the DO action
- since the homedir will remain the same between request but the
- working path will not. */
- DEBUGF(infof(data, "SSH CONNECT phase done\n"));
- state(conn, SSH_STOP);
- break;
- case SSH_SFTP_QUOTE_INIT:
- result = ssh_getworkingpath(conn, sshc->homedir, &sftp_scp->path);
- if(result) {
- sshc->actualcode = result;
- state(conn, SSH_STOP);
- break;
- }
- if(data->set.quote) {
- infof(data, "Sending quote commands\n");
- sshc->quote_item = data->set.quote;
- state(conn, SSH_SFTP_QUOTE);
- }
- else {
- state(conn, SSH_SFTP_TRANS_INIT);
- }
- break;
- case SSH_SFTP_POSTQUOTE_INIT:
- if(data->set.postquote) {
- infof(data, "Sending quote commands\n");
- sshc->quote_item = data->set.postquote;
- state(conn, SSH_SFTP_QUOTE);
- }
- else {
- state(conn, SSH_STOP);
- }
- break;
- case SSH_SFTP_QUOTE:
- /* Send any quote commands */
- {
- const char *cp;
- /*
- * Support some of the "FTP" commands
- */
- char *cmd = sshc->quote_item->data;
- sshc->acceptfail = FALSE;
- /* if a command starts with an asterisk, which a legal SFTP command never
- can, the command will be allowed to fail without it causing any
- aborts or cancels etc. It will cause libcurl to act as if the command
- is successful, whatever the server reponds. */
- if(cmd[0] == '*') {
- cmd++;
- sshc->acceptfail = TRUE;
- }
- if(curl_strequal("pwd", cmd)) {
- /* output debug output if that is requested */
- char *tmp = aprintf("257 \"%s\" is current directory.\n",
- sftp_scp->path);
- if(!tmp) {
- result = CURLE_OUT_OF_MEMORY;
- state(conn, SSH_SFTP_CLOSE);
- sshc->nextstate = SSH_NO_STATE;
- break;
- }
- if(data->set.verbose) {
- Curl_debug(data, CURLINFO_HEADER_OUT, (char *)"PWD\n", 4, conn);
- Curl_debug(data, CURLINFO_HEADER_IN, tmp, strlen(tmp), conn);
- }
- /* this sends an FTP-like "header" to the header callback so that the
- current directory can be read very similar to how it is read when
- using ordinary FTP. */
- result = Curl_client_write(conn, CLIENTWRITE_HEADER, tmp, strlen(tmp));
- free(tmp);
- state(conn, SSH_SFTP_NEXT_QUOTE);
- break;
- }
- else if(cmd) {
- /*
- * the arguments following the command must be separated from the
- * command with a space so we can check for it unconditionally
- */
- cp = strchr(cmd, ' ');
- if(cp == NULL) {
- failf(data, "Syntax error in SFTP command. Supply parameter(s)!");
- state(conn, SSH_SFTP_CLOSE);
- sshc->nextstate = SSH_NO_STATE;
- sshc->actualcode = CURLE_QUOTE_ERROR;
- break;
- }
- /*
- * also, every command takes at least one argument so we get that
- * first argument right now
- */
- result = get_pathname(&cp, &sshc->quote_path1);
- if(result) {
- if(result == CURLE_OUT_OF_MEMORY)
- failf(data, "Out of memory");
- else
- failf(data, "Syntax error: Bad first parameter");
- state(conn, SSH_SFTP_CLOSE);
- sshc->nextstate = SSH_NO_STATE;
- sshc->actualcode = result;
- break;
- }
- /*
- * SFTP is a binary protocol, so we don't send text commands to
- * the server. Instead, we scan for commands for commands used by
- * OpenSSH's sftp program and call the appropriate libssh2
- * functions.
- */
- if(curl_strnequal(cmd, "chgrp ", 6) ||
- curl_strnequal(cmd, "chmod ", 6) ||
- curl_strnequal(cmd, "chown ", 6) ) {
- /* attribute change */
- /* sshc->quote_path1 contains the mode to set */
- /* get the destination */
- result = get_pathname(&cp, &sshc->quote_path2);
- if(result) {
- if(result == CURLE_OUT_OF_MEMORY)
- failf(data, "Out of memory");
- else
- failf(data, "Syntax error in chgrp/chmod/chown: "
- "Bad second parameter");
- Curl_safefree(sshc->quote_path1);
- state(conn, SSH_SFTP_CLOSE);
- sshc->nextstate = SSH_NO_STATE;
- sshc->actualcode = result;
- break;
- }
- memset(&sshc->quote_attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES));
- state(conn, SSH_SFTP_QUOTE_STAT);
- break;
- }
- else if(curl_strnequal(cmd, "ln ", 3) ||
- curl_strnequal(cmd, "symlink ", 8)) {
- /* symbolic linking */
- /* sshc->quote_path1 is the source */
- /* get the destination */
- result = get_pathname(&cp, &sshc->quote_path2);
- if(result) {
- if(result == CURLE_OUT_OF_MEMORY)
- failf(data, "Out of memory");
- else
- failf(data,
- "Syntax error in ln/symlink: Bad second parameter");
- Curl_safefree(sshc->quote_path1);
- state(conn, SSH_SFTP_CLOSE);
- sshc->nextstate = SSH_NO_STATE;
- sshc->actualcode = result;
- break;
- }
- state(conn, SSH_SFTP_QUOTE_SYMLINK);
- break;
- }
- else if(curl_strnequal(cmd, "mkdir ", 6)) {
- /* create dir */
- state(conn, SSH_SFTP_QUOTE_MKDIR);
- break;
- }
- else if(curl_strnequal(cmd, "rename ", 7)) {
- /* rename file */
- /* first param is the source path */
- /* second param is the dest. path */
- result = get_pathname(&cp, &sshc->quote_path2);
- if(result) {
- if(result == CURLE_OUT_OF_MEMORY)
- failf(data, "Out of memory");
- else
- failf(data, "Syntax error in rename: Bad second parameter");
- Curl_safefree(sshc->quote_path1);
- state(conn, SSH_SFTP_CLOSE);
- sshc->nextstate = SSH_NO_STATE;
- sshc->actualcode = result;
- break;
- }
- state(conn, SSH_SFTP_QUOTE_RENAME);
- break;
- }
- else if(curl_strnequal(cmd, "rmdir ", 6)) {
- /* delete dir */
- state(conn, SSH_SFTP_QUOTE_RMDIR);
- break;
- }
- else if(curl_strnequal(cmd, "rm ", 3)) {
- state(conn, SSH_SFTP_QUOTE_UNLINK);
- break;
- }
- failf(data, "Unknown SFTP command");
- Curl_safefree(sshc->quote_path1);
- Curl_safefree(sshc->quote_path2);
- state(conn, SSH_SFTP_CLOSE);
- sshc->nextstate = SSH_NO_STATE;
- sshc->actualcode = CURLE_QUOTE_ERROR;
- break;
- }
- }
- if(!sshc->quote_item) {
- state(conn, SSH_SFTP_TRANS_INIT);
- }
- break;
- case SSH_SFTP_NEXT_QUOTE:
- Curl_safefree(sshc->quote_path1);
- Curl_safefree(sshc->quote_path2);
- sshc->quote_item = sshc->quote_item->next;
- if(sshc->quote_item) {
- state(conn, SSH_SFTP_QUOTE);
- }
- else {
- if(sshc->nextstate != SSH_NO_STATE) {
- state(conn, sshc->nextstate);
- sshc->nextstate = SSH_NO_STATE;
- }
- else {
- state(conn, SSH_SFTP_TRANS_INIT);
- }
- }
- break;
- case SSH_SFTP_QUOTE_STAT:
- {
- char *cmd = sshc->quote_item->data;
- sshc->acceptfail = FALSE;
- /* if a command starts with an asterisk, which a legal SFTP command never
- can, the command will be allowed to fail without it causing any
- aborts or cancels etc. It will cause libcurl to act as if the command
- is successful, whatever the server reponds. */
- if(cmd[0] == '*') {
- cmd++;
- sshc->acceptfail = TRUE;
- }
- if(!curl_strnequal(cmd, "chmod", 5)) {
- /* Since chown and chgrp only set owner OR group but libssh2 wants to
- * set them both at once, we need to obtain the current ownership
- * first. This takes an extra protocol round trip.
- */
- rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshc->quote_path2,
- curlx_uztoui(strlen(sshc->quote_path2)),
- LIBSSH2_SFTP_STAT,
- &sshc->quote_attrs);
- if(rc == LIBSSH2_ERROR_EAGAIN) {
- break;
- }
- else if(rc != 0 && !sshc->acceptfail) { /* get those attributes */
- err = sftp_libssh2_last_error(sshc->sftp_session);
- Curl_safefree(sshc->quote_path1);
- Curl_safefree(sshc->quote_path2);
- failf(data, "Attempt to get SFTP stats failed: %s",
- sftp_libssh2_strerror(err));
- state(conn, SSH_SFTP_CLOSE);
- sshc->nextstate = SSH_NO_STATE;
- sshc->actualcode = CURLE_QUOTE_ERROR;
- break;
- }
- }
- /* Now set the new attributes... */
- if(curl_strnequal(cmd, "chgrp", 5)) {
- sshc->quote_attrs.gid = strtoul(sshc->quote_path1, NULL, 10);
- sshc->quote_attrs.flags = LIBSSH2_SFTP_ATTR_UIDGID;
- if(sshc->quote_attrs.gid == 0 && !ISDIGIT(sshc->quote_path1[0]) &&
- !sshc->acceptfail) {
- Curl_safefree(sshc->quote_path1);
- Curl_safefree(sshc->quote_path2);
- failf(data, "Syntax error: chgrp gid not a number");
- state(conn, SSH_SFTP_CLOSE);
- sshc->nextstate = SSH_NO_STATE;
- sshc->actualcode = CURLE_QUOTE_ERROR;
- break;
- }
- }
- else if(curl_strnequal(cmd, "chmod", 5)) {
- sshc->quote_attrs.permissions = strtoul(sshc->quote_path1, NULL, 8);
- sshc->quote_attrs.flags = LIBSSH2_SFTP_ATTR_PERMISSIONS;
- /* permissions are octal */
- if(sshc->quote_attrs.permissions == 0 &&
- !ISDIGIT(sshc->quote_path1[0])) {
- Curl_safefree(sshc->quote_path1);
- Curl_safefree(sshc->quote_path2);
- failf(data, "Syntax error: chmod permissions not a number");
- state(conn, SSH_SFTP_CLOSE);
- sshc->nextstate = SSH_NO_STATE;
- sshc->actualcode = CURLE_QUOTE_ERROR;
- break;
- }
- }
- else if(curl_strnequal(cmd, "chown", 5)) {
- sshc->quote_attrs.uid = strtoul(sshc->quote_path1, NULL, 10);
- sshc->quote_attrs.flags = LIBSSH2_SFTP_ATTR_UIDGID;
- if(sshc->quote_attrs.uid == 0 && !ISDIGIT(sshc->quote_path1[0]) &&
- !sshc->acceptfail) {
- Curl_safefree(sshc->quote_path1);
- Curl_safefree(sshc->quote_path2);
- failf(data, "Syntax error: chown uid not a number");
- state(conn, SSH_SFTP_CLOSE);
- sshc->nextstate = SSH_NO_STATE;
- sshc->actualcode = CURLE_QUOTE_ERROR;
- break;
- }
- }
- /* Now send the completed structure... */
- state(conn, SSH_SFTP_QUOTE_SETSTAT);
- break;
- }
- case SSH_SFTP_QUOTE_SETSTAT:
- rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshc->quote_path2,
- curlx_uztoui(strlen(sshc->quote_path2)),
- LIBSSH2_SFTP_SETSTAT,
- &sshc->quote_attrs);
- if(rc == LIBSSH2_ERROR_EAGAIN) {
- break;
- }
- else if(rc != 0 && !sshc->acceptfail) {
- err = sftp_libssh2_last_error(sshc->sftp_session);
- Curl_safefree(sshc->quote_path1);
- Curl_safefree(sshc->quote_path2);
- failf(data, "Attempt to set SFTP stats failed: %s",
- sftp_libssh2_strerror(err));
- state(conn, SSH_SFTP_CLOSE);
- sshc->nextstate = SSH_NO_STATE;
- sshc->actualcode = CURLE_QUOTE_ERROR;
- break;
- }
- state(conn, SSH_SFTP_NEXT_QUOTE);
- break;
- case SSH_SFTP_QUOTE_SYMLINK:
- rc = libssh2_sftp_symlink_ex(sshc->sftp_session, sshc->quote_path1,
- curlx_uztoui(strlen(sshc->quote_path1)),
- sshc->quote_path2,
- curlx_uztoui(strlen(sshc->quote_path2)),
- LIBSSH2_SFTP_SYMLINK);
- if(rc == LIBSSH2_ERROR_EAGAIN) {
- break;
- }
- else if(rc != 0 && !sshc->acceptfail) {
- err = sftp_libssh2_last_error(sshc->sftp_session);
- Curl_safefree(sshc->quote_path1);
- Curl_safefree(sshc->quote_path2);
- failf(data, "symlink command failed: %s",
- sftp_libssh2_strerror(err));
- state(conn, SSH_SFTP_CLOSE);
- sshc->nextstate = SSH_NO_STATE;
- sshc->actualcode = CURLE_QUOTE_ERROR;
- break;
- }
- state(conn, SSH_SFTP_NEXT_QUOTE);
- break;
- case SSH_SFTP_QUOTE_MKDIR:
- rc = libssh2_sftp_mkdir_ex(sshc->sftp_session, sshc->quote_path1,
- curlx_uztoui(strlen(sshc->quote_path1)),
- data->set.new_directory_perms);
- if(rc == LIBSSH2_ERROR_EAGAIN) {
- break;
- }
- else if(rc != 0 && !sshc->acceptfail) {
- err = sftp_libssh2_last_error(sshc->sftp_session);
- Curl_safefree(sshc->quote_path1);
- failf(data, "mkdir command failed: %s", sftp_libssh2_strerror(err));
- state(conn, SSH_SFTP_CLOSE);
- sshc->nextstate = SSH_NO_STATE;
- sshc->actualcode = CURLE_QUOTE_ERROR;
- break;
- }
- state(conn, SSH_SFTP_NEXT_QUOTE);
- break;
- case SSH_SFTP_QUOTE_RENAME:
- rc = libssh2_sftp_rename_ex(sshc->sftp_session, sshc->quote_path1,
- curlx_uztoui(strlen(sshc->quote_path1)),
- sshc->quote_path2,
- curlx_uztoui(strlen(sshc->quote_path2)),
- LIBSSH2_SFTP_RENAME_OVERWRITE |
- LIBSSH2_SFTP_RENAME_ATOMIC |
- LIBSSH2_SFTP_RENAME_NATIVE);
- if(rc == LIBSSH2_ERROR_EAGAIN) {
- break;
- }
- else if(rc != 0 && !sshc->acceptfail) {
- err = sftp_libssh2_last_error(sshc->sftp_session);
- Curl_safefree(sshc->quote_path1);
- Curl_safefree(sshc->quote_path2);
- failf(data, "rename command failed: %s", sftp_libssh2_strerror(err));
- state(conn, SSH_SFT…
Large files files are truncated, but you can click here to view the full file