luna - curl/lib/vssh/libssh2.c

   1/***************************************************************************
   2 *                                  _   _ ____  _
   3 *  Project                     ___| | | |  _ \| |
   4 *                             / __| | | | |_) | |
   5 *                            | (__| |_| |  _ <| |___
   6 *                             \___|\___/|_| \_\_____|
   7 *
   8 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
   9 *
  10 * This software is licensed as described in the file COPYING, which
  11 * you should have received as part of this distribution. The terms
  12 * are also available at https://curl.se/docs/copyright.html.
  13 *
  14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15 * copies of the Software, and permit persons to whom the Software is
  16 * furnished to do so, under the terms of the COPYING file.
  17 *
  18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19 * KIND, either express or implied.
  20 *
  21 * SPDX-License-Identifier: curl
  22 *
  23 ***************************************************************************/
  24#include "curl_setup.h"
  25
  26#ifdef USE_LIBSSH2
  27
  28/* #define CURL_LIBSSH2_DEBUG */
  29
  30#ifdef HAVE_NETINET_IN_H
  31#include <netinet/in.h>
  32#endif
  33#ifdef HAVE_ARPA_INET_H
  34#include <arpa/inet.h>
  35#endif
  36#ifdef HAVE_NETDB_H
  37#include <netdb.h>
  38#endif
  39#ifdef __VMS
  40#include <in.h>
  41#include <inet.h>
  42#endif
  43
  44#include "urldata.h"
  45#include "sendf.h"
  46#include "curl_trc.h"
  47#include "hostip.h"
  48#include "progress.h"
  49#include "transfer.h"
  50#include "vssh/ssh.h"
  51#include "url.h"
  52#include "cfilters.h"
  53#include "connect.h"
  54#include "parsedate.h" /* for the week day and month names */
  55#include "multiif.h"
  56#include "select.h"
  57#include "curlx/fopen.h"
  58#include "vssh/vssh.h"
  59#include "curlx/strparse.h"
  60#include "curlx/base64.h" /* for curlx_base64_encode() */
  61
  62static const char *sftp_libssh2_strerror(unsigned long err)
  63{
  64  switch(err) {
  65  case LIBSSH2_FX_NO_SUCH_FILE:
  66    return "No such file or directory";
  67
  68  case LIBSSH2_FX_PERMISSION_DENIED:
  69    return "Permission denied";
  70
  71  case LIBSSH2_FX_FAILURE:
  72    return "Operation failed";
  73
  74  case LIBSSH2_FX_BAD_MESSAGE:
  75    return "Bad message from SFTP server";
  76
  77  case LIBSSH2_FX_NO_CONNECTION:
  78    return "Not connected to SFTP server";
  79
  80  case LIBSSH2_FX_CONNECTION_LOST:
  81    return "Connection to SFTP server lost";
  82
  83  case LIBSSH2_FX_OP_UNSUPPORTED:
  84    return "Operation not supported by SFTP server";
  85
  86  case LIBSSH2_FX_INVALID_HANDLE:
  87    return "Invalid handle";
  88
  89  case LIBSSH2_FX_NO_SUCH_PATH:
  90    return "No such file or directory";
  91
  92  case LIBSSH2_FX_FILE_ALREADY_EXISTS:
  93    return "File already exists";
  94
  95  case LIBSSH2_FX_WRITE_PROTECT:
  96    return "File is write protected";
  97
  98  case LIBSSH2_FX_NO_MEDIA:
  99    return "No media";
 100
 101  case LIBSSH2_FX_NO_SPACE_ON_FILESYSTEM:
 102    return "Disk full";
 103
 104  case LIBSSH2_FX_QUOTA_EXCEEDED:
 105    return "User quota exceeded";
 106
 107  case LIBSSH2_FX_UNKNOWN_PRINCIPLE:
 108    return "Unknown principle";
 109
 110  case LIBSSH2_FX_LOCK_CONFlICT:
 111    return "File lock conflict";
 112
 113  case LIBSSH2_FX_DIR_NOT_EMPTY:
 114    return "Directory not empty";
 115
 116  case LIBSSH2_FX_NOT_A_DIRECTORY:
 117    return "Not a directory";
 118
 119  case LIBSSH2_FX_INVALID_FILENAME:
 120    return "Invalid filename";
 121
 122  case LIBSSH2_FX_LINK_LOOP:
 123    return "Link points to itself";
 124  }
 125  return "Unknown error in libssh2";
 126}
 127
 128static void kbd_callback(const char *name, int name_len,
 129                         const char *instruction, int instruction_len,
 130                         int num_prompts,
 131                         const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts,
 132                         LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses,
 133                         void **abstract)
 134{
 135  struct Curl_easy *data = (struct Curl_easy *)*abstract;
 136
 137#ifdef CURL_LIBSSH2_DEBUG
 138  curl_mfprintf(stderr, "name=%s\n", name);
 139  curl_mfprintf(stderr, "name_len=%d\n", name_len);
 140  curl_mfprintf(stderr, "instruction=%s\n", instruction);
 141  curl_mfprintf(stderr, "instruction_len=%d\n", instruction_len);
 142  curl_mfprintf(stderr, "num_prompts=%d\n", num_prompts);
 143#else
 144  (void)name;
 145  (void)name_len;
 146  (void)instruction;
 147  (void)instruction_len;
 148#endif /* CURL_LIBSSH2_DEBUG */
 149  if(num_prompts == 1) {
 150    struct connectdata *conn = data->conn;
 151    const char *passwd = Curl_creds_passwd(conn->creds);
 152    /* this function must allocate memory that can be freed by libssh2, which
 153       uses the LIBSSH2_FREE_FUNC callback */
 154    responses[0].text = Curl_cstrdup(passwd);
 155    responses[0].length =
 156      responses[0].text == NULL ? 0 : curlx_uztoui(strlen(passwd));
 157  }
 158  (void)prompts;
 159} /* kbd_callback */
 160
 161static CURLcode sftp_libssh2_error_to_CURLE(unsigned long err)
 162{
 163  switch(err) {
 164  case LIBSSH2_FX_OK:
 165    return CURLE_OK;
 166
 167  case LIBSSH2_FX_NO_SUCH_FILE:
 168  case LIBSSH2_FX_NO_SUCH_PATH:
 169    return CURLE_REMOTE_FILE_NOT_FOUND;
 170
 171  case LIBSSH2_FX_PERMISSION_DENIED:
 172  case LIBSSH2_FX_WRITE_PROTECT:
 173  case LIBSSH2_FX_LOCK_CONFlICT:
 174    return CURLE_REMOTE_ACCESS_DENIED;
 175
 176  case LIBSSH2_FX_NO_SPACE_ON_FILESYSTEM:
 177  case LIBSSH2_FX_QUOTA_EXCEEDED:
 178    return CURLE_REMOTE_DISK_FULL;
 179
 180  case LIBSSH2_FX_FILE_ALREADY_EXISTS:
 181    return CURLE_REMOTE_FILE_EXISTS;
 182
 183  case LIBSSH2_FX_DIR_NOT_EMPTY:
 184    return CURLE_QUOTE_ERROR;
 185
 186  default:
 187    break;
 188  }
 189
 190  return CURLE_SSH;
 191}
 192
 193static CURLcode libssh2_session_error_to_CURLE(int err)
 194{
 195  switch(err) {
 196  /* Ordered by order of appearance in libssh2.h */
 197  case LIBSSH2_ERROR_NONE:
 198    return CURLE_OK;
 199
 200  /* This is the error returned by libssh2_scp_recv2
 201   * on unknown file */
 202  case LIBSSH2_ERROR_SCP_PROTOCOL:
 203    return CURLE_REMOTE_FILE_NOT_FOUND;
 204
 205  case LIBSSH2_ERROR_SOCKET_NONE:
 206    return CURLE_COULDNT_CONNECT;
 207
 208  case LIBSSH2_ERROR_ALLOC:
 209    return CURLE_OUT_OF_MEMORY;
 210
 211  case LIBSSH2_ERROR_SOCKET_SEND:
 212    return CURLE_SEND_ERROR;
 213
 214  case LIBSSH2_ERROR_HOSTKEY_INIT:
 215  case LIBSSH2_ERROR_HOSTKEY_SIGN:
 216  case LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED:
 217  case LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED:
 218    return CURLE_PEER_FAILED_VERIFICATION;
 219
 220  case LIBSSH2_ERROR_PASSWORD_EXPIRED:
 221    return CURLE_LOGIN_DENIED;
 222
 223  case LIBSSH2_ERROR_SOCKET_TIMEOUT:
 224  case LIBSSH2_ERROR_TIMEOUT:
 225    return CURLE_OPERATION_TIMEDOUT;
 226
 227  case LIBSSH2_ERROR_EAGAIN:
 228    return CURLE_AGAIN;
 229  }
 230
 231  return CURLE_SSH;
 232}
 233
 234/* These functions are made to use the libcurl memory functions - NOT the
 235   debugmem functions, as that leads us to trigger on libssh2 memory leaks
 236   that are not ours to care for */
 237
 238static LIBSSH2_ALLOC_FUNC(my_libssh2_malloc)
 239{
 240  (void)abstract;
 241  return Curl_cmalloc(count);
 242}
 243
 244static LIBSSH2_REALLOC_FUNC(my_libssh2_realloc)
 245{
 246  (void)abstract;
 247  return Curl_crealloc(ptr, count);
 248}
 249
 250static LIBSSH2_FREE_FUNC(my_libssh2_free)
 251{
 252  (void)abstract;
 253  if(ptr) /* ssh2 agent sometimes call free with null ptr */
 254    Curl_cfree(ptr);
 255}
 256
 257static int sshkeycallback(CURL *easy,
 258                          const struct curl_khkey *knownkey, /* known */
 259                          const struct curl_khkey *foundkey, /* found */
 260                          enum curl_khmatch match,
 261                          void *clientp)
 262{
 263  (void)easy;
 264  (void)knownkey;
 265  (void)foundkey;
 266  (void)clientp;
 267
 268  /* we only allow perfect matches, and we reject everything else */
 269  return (match != CURLKHMATCH_OK) ? CURLKHSTAT_REJECT : CURLKHSTAT_FINE;
 270}
 271
 272static enum curl_khtype convert_ssh2_keytype(int sshkeytype)
 273{
 274  enum curl_khtype keytype = CURLKHTYPE_UNKNOWN;
 275  switch(sshkeytype) {
 276  case LIBSSH2_HOSTKEY_TYPE_RSA:
 277    keytype = CURLKHTYPE_RSA;
 278    break;
 279  case LIBSSH2_HOSTKEY_TYPE_DSS:
 280    keytype = CURLKHTYPE_DSS;
 281    break;
 282#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_256
 283  case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
 284    keytype = CURLKHTYPE_ECDSA;
 285    break;
 286#endif
 287#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_384
 288  case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
 289    keytype = CURLKHTYPE_ECDSA;
 290    break;
 291#endif
 292#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_521
 293  case LIBSSH2_HOSTKEY_TYPE_ECDSA_521:
 294    keytype = CURLKHTYPE_ECDSA;
 295    break;
 296#endif
 297#ifdef LIBSSH2_HOSTKEY_TYPE_ED25519
 298  case LIBSSH2_HOSTKEY_TYPE_ED25519:
 299    keytype = CURLKHTYPE_ED25519;
 300    break;
 301#endif
 302  }
 303  return keytype;
 304}
 305
 306static CURLcode ssh_knownhost(struct Curl_easy *data,
 307                              struct ssh_conn *sshc)
 308{
 309  int sshkeytype = 0;
 310  size_t keylen = 0;
 311  int rc = 0;
 312  CURLcode result = CURLE_OK;
 313
 314  if(data->set.str[STRING_SSH_KNOWNHOSTS]) {
 315    /* we are asked to verify the host against a file */
 316    struct connectdata *conn = data->conn;
 317    struct libssh2_knownhost *host = NULL;
 318    const char *remotekey = libssh2_session_hostkey(sshc->ssh_session,
 319                                                    &keylen, &sshkeytype);
 320    int keycheck = LIBSSH2_KNOWNHOST_CHECK_FAILURE;
 321    int keybit = 0;
 322
 323    if(remotekey) {
 324      /*
 325       * A subject to figure out is what hostname we need to pass in here.
 326       * What hostname does OpenSSH store in its file if an IDN name is
 327       * used?
 328       */
 329      enum curl_khmatch keymatch;
 330      curl_sshkeycallback func =
 331        data->set.ssh_keyfunc ? data->set.ssh_keyfunc : sshkeycallback;
 332      struct curl_khkey knownkey;
 333      struct curl_khkey *knownkeyp = NULL;
 334      struct curl_khkey foundkey;
 335
 336      switch(sshkeytype) {
 337      case LIBSSH2_HOSTKEY_TYPE_RSA:
 338        keybit = LIBSSH2_KNOWNHOST_KEY_SSHRSA;
 339        break;
 340      case LIBSSH2_HOSTKEY_TYPE_DSS:
 341        keybit = LIBSSH2_KNOWNHOST_KEY_SSHDSS;
 342        break;
 343      case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
 344        keybit = LIBSSH2_KNOWNHOST_KEY_ECDSA_256;
 345        break;
 346      case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
 347        keybit = LIBSSH2_KNOWNHOST_KEY_ECDSA_384;
 348        break;
 349      case LIBSSH2_HOSTKEY_TYPE_ECDSA_521:
 350        keybit = LIBSSH2_KNOWNHOST_KEY_ECDSA_521;
 351        break;
 352      case LIBSSH2_HOSTKEY_TYPE_ED25519:
 353        keybit = LIBSSH2_KNOWNHOST_KEY_ED25519;
 354        break;
 355      default:
 356        infof(data, "unsupported key type, cannot check knownhosts");
 357        keybit = 0;
 358        break;
 359      }
 360      if(!keybit)
 361        /* no check means failure! */
 362        rc = CURLKHSTAT_REJECT;
 363      else {
 364        keycheck = libssh2_knownhost_checkp(sshc->kh,
 365                                            conn->origin->hostname,
 366                                            (conn->origin->port != PORT_SSH) ?
 367                                            conn->origin->port : -1,
 368                                            remotekey, keylen,
 369                                            LIBSSH2_KNOWNHOST_TYPE_PLAIN|
 370                                            LIBSSH2_KNOWNHOST_KEYENC_RAW|
 371                                            keybit,
 372                                            &host);
 373
 374        infof(data, "SSH host check: %d, key: %s", keycheck,
 375              (keycheck <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH) ?
 376              host->key : "<none>");
 377
 378        /* setup 'knownkey' */
 379        if(keycheck <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH) {
 380          knownkey.key = host->key;
 381          knownkey.len = 0;
 382          knownkey.keytype = convert_ssh2_keytype(sshkeytype);
 383          knownkeyp = &knownkey;
 384        }
 385
 386        /* setup 'foundkey' */
 387        foundkey.key = remotekey;
 388        foundkey.len = keylen;
 389        foundkey.keytype = convert_ssh2_keytype(sshkeytype);
 390
 391        /*
 392         * if any of the LIBSSH2_KNOWNHOST_CHECK_* defines and the
 393         * curl_khmatch enum are ever modified, we need to introduce a
 394         * translation table here!
 395         */
 396        keymatch = (enum curl_khmatch)keycheck;
 397
 398        /* Ask the callback how to behave */
 399        Curl_set_in_callback(data, TRUE);
 400        rc = func(data, knownkeyp, /* from the knownhosts file */
 401                  &foundkey, /* from the remote host */
 402                  keymatch, data->set.ssh_keyfunc_userp);
 403        Curl_set_in_callback(data, FALSE);
 404      }
 405    }
 406    else
 407      /* no remotekey means failure! */
 408      rc = CURLKHSTAT_REJECT;
 409
 410    switch(rc) {
 411    default: /* unknown return codes is the same as reject */
 412    case CURLKHSTAT_REJECT:
 413      myssh_to(data, sshc, SSH_SESSION_FREE);
 414      FALLTHROUGH();
 415    case CURLKHSTAT_DEFER:
 416      /* DEFER means bail out but keep the SSH_HOSTKEY state */
 417      result = CURLE_PEER_FAILED_VERIFICATION;
 418      break;
 419    case CURLKHSTAT_FINE_REPLACE:
 420      /* remove old host+key that does not match */
 421      if(host)
 422        libssh2_knownhost_del(sshc->kh, host);
 423      FALLTHROUGH();
 424    case CURLKHSTAT_FINE:
 425    case CURLKHSTAT_FINE_ADD_TO_FILE:
 426      /* proceed */
 427      if(keycheck != LIBSSH2_KNOWNHOST_CHECK_MATCH) {
 428        /* the found host+key did not match but has been told to be fine
 429           anyway so we add it in memory */
 430        int addrc = libssh2_knownhost_add(sshc->kh,
 431                                          conn->origin->hostname, NULL,
 432                                          remotekey, keylen,
 433                                          LIBSSH2_KNOWNHOST_TYPE_PLAIN|
 434                                          LIBSSH2_KNOWNHOST_KEYENC_RAW|
 435                                          keybit, NULL);
 436        if(addrc)
 437          infof(data, "WARNING: adding the known host %s failed",
 438                conn->origin->hostname);
 439        else if(rc == CURLKHSTAT_FINE_ADD_TO_FILE ||
 440                rc == CURLKHSTAT_FINE_REPLACE) {
 441          /* now we write the entire in-memory list of known hosts to the
 442             known_hosts file */
 443          int wrc =
 444            libssh2_knownhost_writefile(sshc->kh,
 445                                        data->set.str[STRING_SSH_KNOWNHOSTS],
 446                                        LIBSSH2_KNOWNHOST_FILE_OPENSSH);
 447          if(wrc) {
 448            infof(data, "WARNING: writing %s failed",
 449                  data->set.str[STRING_SSH_KNOWNHOSTS]);
 450          }
 451        }
 452      }
 453      break;
 454    }
 455  }
 456  return result;
 457}
 458
 459static CURLcode ssh_check_fingerprint(struct Curl_easy *data,
 460                                      struct ssh_conn *sshc)
 461{
 462  const char *pubkey_md5 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5];
 463  const char *pubkey_sha256 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_SHA256];
 464
 465  infof(data, "SSH MD5 public key: %s",
 466        pubkey_md5 != NULL ? pubkey_md5 : "NULL");
 467  infof(data, "SSH SHA256 public key: %s",
 468        pubkey_sha256 != NULL ? pubkey_sha256 : "NULL");
 469
 470  if(pubkey_sha256) {
 471    const char *fingerprint = NULL;
 472    char *fingerprint_b64 = NULL;
 473    size_t fingerprint_b64_len;
 474    size_t pub_pos = 0;
 475    size_t b64_pos = 0;
 476
 477    /* The fingerprint points to static storage (!), do not free() it. */
 478    fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
 479                                       LIBSSH2_HOSTKEY_HASH_SHA256);
 480    if(!fingerprint) {
 481      failf(data,
 482            "Denied establishing ssh session: SHA256 fingerprint "
 483            "not available");
 484      myssh_to(data, sshc, SSH_SESSION_FREE);
 485      return CURLE_PEER_FAILED_VERIFICATION;
 486    }
 487
 488    /* The length of fingerprint is 32 bytes for SHA256.
 489     * See libssh2_hostkey_hash documentation. */
 490    if(curlx_base64_encode((const uint8_t *)fingerprint, 32, &fingerprint_b64,
 491                           &fingerprint_b64_len) != CURLE_OK) {
 492      myssh_to(data, sshc, SSH_SESSION_FREE);
 493      return CURLE_PEER_FAILED_VERIFICATION;
 494    }
 495
 496    if(!fingerprint_b64) {
 497      failf(data, "SHA256 fingerprint could not be encoded");
 498      myssh_to(data, sshc, SSH_SESSION_FREE);
 499      return CURLE_PEER_FAILED_VERIFICATION;
 500    }
 501
 502    infof(data, "SSH SHA256 fingerprint: %s", fingerprint_b64);
 503
 504    /* Find the position of any = padding characters in the public key */
 505    while((pubkey_sha256[pub_pos] != '=') && pubkey_sha256[pub_pos]) {
 506      pub_pos++;
 507    }
 508
 509    /* Find the position of any = padding characters in the base64 coded
 510     * hostkey fingerprint */
 511    while((fingerprint_b64[b64_pos] != '=') && fingerprint_b64[b64_pos]) {
 512      b64_pos++;
 513    }
 514
 515    /* Before we authenticate we check the hostkey's SHA256 fingerprint
 516     * against a known fingerprint, if available.
 517     */
 518    if((pub_pos != b64_pos) ||
 519       strncmp(fingerprint_b64, pubkey_sha256, pub_pos)) {
 520      failf(data,
 521            "Denied establishing ssh session: mismatch SHA256 fingerprint. "
 522            "Remote %s is not equal to %s", fingerprint_b64, pubkey_sha256);
 523      curlx_free(fingerprint_b64);
 524      myssh_to(data, sshc, SSH_SESSION_FREE);
 525      return CURLE_PEER_FAILED_VERIFICATION;
 526    }
 527
 528    curlx_free(fingerprint_b64);
 529
 530    infof(data, "SHA256 checksum match");
 531  }
 532
 533  if(pubkey_md5) {
 534    char md5buffer[33];
 535    const char *fingerprint;
 536
 537    fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
 538                                       LIBSSH2_HOSTKEY_HASH_MD5);
 539
 540    if(fingerprint) {
 541      /* The fingerprint points to static storage (!), do not free() it. */
 542      int i;
 543      for(i = 0; i < 16; i++) {
 544        curl_msnprintf(&md5buffer[i * 2], 3, "%02x",
 545                       (unsigned char)fingerprint[i]);
 546      }
 547
 548      infof(data, "SSH MD5 fingerprint: %s", md5buffer);
 549    }
 550
 551    /* This does NOT verify the length of 'pubkey_md5' separately, which
 552       makes the comparison below fail unless it is exactly 32 characters */
 553    if(!fingerprint || !curl_strequal(md5buffer, pubkey_md5)) {
 554      if(fingerprint) {
 555        failf(data,
 556              "Denied establishing ssh session: mismatch MD5 fingerprint. "
 557              "Remote %s is not equal to %s", md5buffer, pubkey_md5);
 558      }
 559      else {
 560        failf(data,
 561              "Denied establishing ssh session: MD5 fingerprint "
 562              "not available");
 563      }
 564      myssh_to(data, sshc, SSH_SESSION_FREE);
 565      return CURLE_PEER_FAILED_VERIFICATION;
 566    }
 567    infof(data, "MD5 checksum match");
 568  }
 569
 570  if(!pubkey_md5 && !pubkey_sha256) {
 571    if(data->set.ssh_hostkeyfunc) {
 572      size_t keylen = 0;
 573      int sshkeytype = 0;
 574      int rc = 0;
 575      /* we handle the process to the callback */
 576      const char *remotekey = libssh2_session_hostkey(sshc->ssh_session,
 577                                                      &keylen, &sshkeytype);
 578      if(remotekey) {
 579        enum curl_khtype keytype = convert_ssh2_keytype(sshkeytype);
 580        Curl_set_in_callback(data, TRUE);
 581        rc = data->set.ssh_hostkeyfunc(data->set.ssh_hostkeyfunc_userp,
 582                                       (int)keytype, remotekey, keylen);
 583        Curl_set_in_callback(data, FALSE);
 584        if(rc != CURLKHMATCH_OK) {
 585          myssh_to(data, sshc, SSH_SESSION_FREE);
 586          return CURLE_PEER_FAILED_VERIFICATION;
 587        }
 588      }
 589      else {
 590        myssh_to(data, sshc, SSH_SESSION_FREE);
 591        return CURLE_PEER_FAILED_VERIFICATION;
 592      }
 593      return CURLE_OK;
 594    }
 595    else {
 596      return ssh_knownhost(data, sshc);
 597    }
 598  }
 599  else {
 600    /* as we already matched, we skip the check for known hosts */
 601    return CURLE_OK;
 602  }
 603}
 604
 605/*
 606 * ssh_force_knownhost_key_type() checks the known hosts file and try to
 607 * force a specific public key type from the server if an entry is found.
 608 */
 609static CURLcode ssh_force_knownhost_key_type(struct Curl_easy *data,
 610                                             struct ssh_conn *sshc)
 611{
 612  CURLcode result = CURLE_OK;
 613
 614  static const char hostkey_method_ssh_ed25519[] = "ssh-ed25519";
 615  static const char hostkey_method_ssh_ecdsa_521[] = "ecdsa-sha2-nistp521";
 616  static const char hostkey_method_ssh_ecdsa_384[] = "ecdsa-sha2-nistp384";
 617  static const char hostkey_method_ssh_ecdsa_256[] = "ecdsa-sha2-nistp256";
 618  static const char hostkey_method_ssh_rsa_all[] =
 619    "rsa-sha2-256,rsa-sha2-512,ssh-rsa";
 620  static const char hostkey_method_ssh_dss[] = "ssh-dss";
 621  bool found = FALSE;
 622
 623  if(sshc->kh &&
 624     !data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5] &&
 625     !data->set.str[STRING_SSH_HOST_PUBLIC_KEY_SHA256]) {
 626    struct libssh2_knownhost *store = NULL;
 627    struct connectdata *conn = data->conn;
 628    /* lets try to find our host in the known hosts file */
 629    while(!libssh2_knownhost_get(sshc->kh, &store, store)) {
 630      /* For non-standard ports, the name is enclosed in */
 631      /* square brackets, followed by a colon and the port */
 632      if(store) {
 633        if(store->name) {
 634          if(store->name[0] == '[') {
 635            curl_off_t port;
 636            size_t kh_name_size = 0;
 637            const char *p;
 638            const char *kh_name_end = strstr(store->name, "]:");
 639            if(!kh_name_end) {
 640              infof(data, "Invalid host pattern %s in %s",
 641                    store->name, data->set.str[STRING_SSH_KNOWNHOSTS]);
 642              continue;
 643            }
 644            p = kh_name_end + 2; /* start of port number */
 645            if(!curlx_str_number(&p, &port, 0xffff) &&
 646               (kh_name_end && (port == conn->origin->port))) {
 647              kh_name_size = strlen(store->name) - 1 - strlen(kh_name_end);
 648              if(strncmp(store->name + 1,
 649                         conn->origin->hostname, kh_name_size) == 0) {
 650                found = TRUE;
 651                break;
 652              }
 653            }
 654          }
 655          else if(strcmp(store->name, conn->origin->hostname) == 0) {
 656            found = TRUE;
 657            break;
 658          }
 659        }
 660        else {
 661          found = TRUE;
 662          break;
 663        }
 664      }
 665    }
 666
 667    if(found) {
 668      int rc;
 669      const char *hostkey_method = NULL;
 670      infof(data, "Found host %s in %s",
 671            conn->origin->hostname, data->set.str[STRING_SSH_KNOWNHOSTS]);
 672
 673      switch(store->typemask & LIBSSH2_KNOWNHOST_KEY_MASK) {
 674      case LIBSSH2_KNOWNHOST_KEY_ED25519:
 675        hostkey_method = hostkey_method_ssh_ed25519;
 676        break;
 677      case LIBSSH2_KNOWNHOST_KEY_ECDSA_521:
 678        hostkey_method = hostkey_method_ssh_ecdsa_521;
 679        break;
 680      case LIBSSH2_KNOWNHOST_KEY_ECDSA_384:
 681        hostkey_method = hostkey_method_ssh_ecdsa_384;
 682        break;
 683      case LIBSSH2_KNOWNHOST_KEY_ECDSA_256:
 684        hostkey_method = hostkey_method_ssh_ecdsa_256;
 685        break;
 686      case LIBSSH2_KNOWNHOST_KEY_SSHRSA:
 687        hostkey_method = hostkey_method_ssh_rsa_all;
 688        break;
 689      case LIBSSH2_KNOWNHOST_KEY_SSHDSS:
 690        hostkey_method = hostkey_method_ssh_dss;
 691        break;
 692      case LIBSSH2_KNOWNHOST_KEY_RSA1:
 693        failf(data, "Found host key type RSA1 which is not supported");
 694        return CURLE_SSH;
 695      default:
 696        failf(data, "Unknown host key type: %i",
 697              (store->typemask & LIBSSH2_KNOWNHOST_KEY_MASK));
 698        return CURLE_SSH;
 699      }
 700
 701      infof(data, "Set \"%s\" as SSH hostkey type", hostkey_method);
 702      rc = libssh2_session_method_pref(sshc->ssh_session,
 703                                       LIBSSH2_METHOD_HOSTKEY, hostkey_method);
 704      if(rc) {
 705        char *err_msg = NULL;
 706        int errlen;
 707        libssh2_session_last_error(sshc->ssh_session, &err_msg, &errlen, 0);
 708        failf(data, "libssh2 method '%s' failed: %s", hostkey_method, err_msg);
 709        result = libssh2_session_error_to_CURLE(rc);
 710      }
 711    }
 712    else {
 713      infof(data, "Did not find host %s in %s",
 714            conn->origin->hostname, data->set.str[STRING_SSH_KNOWNHOSTS]);
 715    }
 716  }
 717
 718  return result;
 719}
 720
 721static CURLcode quote_error(struct Curl_easy *data,
 722                            struct ssh_conn *sshc)
 723{
 724  failf(data, "Suspicious data after the command line");
 725  curlx_safefree(sshc->quote_path1);
 726  curlx_safefree(sshc->quote_path2);
 727  return CURLE_QUOTE_ERROR;
 728}
 729
 730static CURLcode sftp_quote(struct Curl_easy *data,
 731                           struct ssh_conn *sshc,
 732                           struct SSHPROTO *sshp)
 733{
 734  const char *cp;
 735  CURLcode result = CURLE_OK;
 736
 737  /*
 738   * Support some of the "FTP" commands
 739   *
 740   * 'sshc->quote_item' is already verified to be non-NULL before it
 741   * switched to this state.
 742   */
 743  const char *cmd = sshc->quote_item->data;
 744  sshc->acceptfail = FALSE;
 745
 746  /* if a command starts with an asterisk, which a legal SFTP command never
 747     can, the command is allowed to fail without it causing any
 748     aborts or cancels etc. It causes libcurl to act as if the command
 749     is successful, whatever the server responds. */
 750
 751  if(cmd[0] == '*') {
 752    cmd++;
 753    sshc->acceptfail = TRUE;
 754  }
 755
 756  if(curl_strequal("pwd", cmd)) {
 757    /* output debug output if that is requested */
 758    char *tmp = curl_maprintf("257 \"%s\" is current directory.\n",
 759                              sshp->path);
 760    if(!tmp)
 761      return CURLE_OUT_OF_MEMORY;
 762    Curl_debug(data, CURLINFO_HEADER_OUT, "PWD\n", 4);
 763    Curl_debug(data, CURLINFO_HEADER_IN, tmp, strlen(tmp));
 764
 765    /* this sends an FTP-like "header" to the header callback so that
 766       the current directory can be read similar to how it is read when
 767       using ordinary FTP. */
 768    result = Curl_client_write(data, CLIENTWRITE_HEADER, tmp, strlen(tmp));
 769    curlx_free(tmp);
 770    if(!result)
 771      myssh_to(data, sshc, SSH_SFTP_NEXT_QUOTE);
 772    return result;
 773  }
 774
 775  /*
 776   * the arguments following the command must be separated from the
 777   * command with a space so we can check for it unconditionally
 778   */
 779  cp = strchr(cmd, ' ');
 780  if(!cp) {
 781    failf(data, "Syntax error command '%s', missing parameter", cmd);
 782    return result;
 783  }
 784
 785  /*
 786   * also, every command takes at least one argument so we get that
 787   * first argument right now
 788   */
 789  result = Curl_get_pathname(&cp, &sshc->quote_path1, sshc->homedir);
 790  if(result) {
 791    if(result != CURLE_OUT_OF_MEMORY)
 792      failf(data, "Syntax error: Bad first parameter to '%s'", cmd);
 793    return result;
 794  }
 795
 796  /*
 797   * SFTP is a binary protocol, so we do not send text commands to the server.
 798   * Instead, we scan for commands used by OpenSSH's sftp program and call the
 799   * appropriate libssh2 functions.
 800   */
 801  if(!strncmp(cmd, "chgrp ", 6) ||
 802     !strncmp(cmd, "chmod ", 6) ||
 803     !strncmp(cmd, "chown ", 6) ||
 804     !strncmp(cmd, "atime ", 6) ||
 805     !strncmp(cmd, "mtime ", 6)) {
 806    /* attribute change */
 807
 808    /* sshc->quote_path1 contains the mode to set */
 809    /* get the destination */
 810    result = Curl_get_pathname(&cp, &sshc->quote_path2, sshc->homedir);
 811    if(result) {
 812      if(result != CURLE_OUT_OF_MEMORY)
 813        failf(data, "Syntax error in %s: Bad second parameter", cmd);
 814      curlx_safefree(sshc->quote_path1);
 815      return result;
 816    }
 817    if(*cp)
 818      return quote_error(data, sshc);
 819
 820    memset(&sshp->quote_attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES));
 821    myssh_to(data, sshc, SSH_SFTP_QUOTE_STAT);
 822    return result;
 823  }
 824  if(!strncmp(cmd, "ln ", 3) ||
 825     !strncmp(cmd, "symlink ", 8)) {
 826    /* symbolic linking */
 827    /* sshc->quote_path1 is the source */
 828    /* get the destination */
 829    result = Curl_get_pathname(&cp, &sshc->quote_path2, sshc->homedir);
 830    if(result) {
 831      if(result != CURLE_OUT_OF_MEMORY)
 832        failf(data, "Syntax error in ln/symlink: Bad second parameter");
 833      curlx_safefree(sshc->quote_path1);
 834      return result;
 835    }
 836    if(*cp)
 837      return quote_error(data, sshc);
 838    myssh_to(data, sshc, SSH_SFTP_QUOTE_SYMLINK);
 839    return result;
 840  }
 841  else if(!strncmp(cmd, "mkdir ", 6)) {
 842    if(*cp)
 843      return quote_error(data, sshc);
 844    /* create directory */
 845    myssh_to(data, sshc, SSH_SFTP_QUOTE_MKDIR);
 846    return result;
 847  }
 848  else if(!strncmp(cmd, "rename ", 7)) {
 849    /* rename file */
 850    /* first param is the source path */
 851    /* second param is the dest. path */
 852    result = Curl_get_pathname(&cp, &sshc->quote_path2, sshc->homedir);
 853    if(result) {
 854      if(result != CURLE_OUT_OF_MEMORY)
 855        failf(data, "Syntax error in rename: Bad second parameter");
 856      curlx_safefree(sshc->quote_path1);
 857      return result;
 858    }
 859    if(*cp)
 860      return quote_error(data, sshc);
 861    myssh_to(data, sshc, SSH_SFTP_QUOTE_RENAME);
 862    return result;
 863  }
 864  else if(!strncmp(cmd, "rmdir ", 6)) {
 865    if(*cp)
 866      return quote_error(data, sshc);
 867    /* delete directory */
 868    myssh_to(data, sshc, SSH_SFTP_QUOTE_RMDIR);
 869    return result;
 870  }
 871  else if(!strncmp(cmd, "rm ", 3)) {
 872    if(*cp)
 873      return quote_error(data, sshc);
 874    myssh_to(data, sshc, SSH_SFTP_QUOTE_UNLINK);
 875    return result;
 876  }
 877  else if(!strncmp(cmd, "statvfs ", 8)) {
 878    if(*cp)
 879      return quote_error(data, sshc);
 880    myssh_to(data, sshc, SSH_SFTP_QUOTE_STATVFS);
 881    return result;
 882  }
 883
 884  failf(data, "Unknown SFTP command");
 885  curlx_safefree(sshc->quote_path1);
 886  curlx_safefree(sshc->quote_path2);
 887  return CURLE_QUOTE_ERROR;
 888}
 889
 890static CURLcode sftp_upload_init(struct Curl_easy *data,
 891                                 struct ssh_conn *sshc,
 892                                 struct SSHPROTO *sshp,
 893                                 bool *blockp)
 894{
 895  unsigned long flags;
 896
 897  /*
 898   * NOTE!!!  libssh2 requires that the destination path is a full path
 899   *          that includes the destination file and name OR ends in a "/"
 900   *          If this is not done the destination file is named the
 901   *          same name as the last directory in the path.
 902   */
 903
 904  if(data->state.resume_from) {
 905    LIBSSH2_SFTP_ATTRIBUTES attrs;
 906    if(data->state.resume_from < 0) {
 907      int rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshp->path,
 908                                    curlx_uztoui(strlen(sshp->path)),
 909                                    LIBSSH2_SFTP_STAT, &attrs);
 910      if(rc == LIBSSH2_ERROR_EAGAIN) {
 911        *blockp = TRUE;
 912        return CURLE_OK;
 913      }
 914      if(rc) {
 915        data->state.resume_from = 0;
 916      }
 917      else {
 918        curl_off_t size = attrs.filesize;
 919        if(size < 0) {
 920          failf(data, "Bad file size (%" FMT_OFF_T ")", size);
 921          return CURLE_BAD_DOWNLOAD_RESUME;
 922        }
 923        data->state.resume_from = attrs.filesize;
 924      }
 925    }
 926  }
 927
 928  if(data->set.remote_append) {
 929    /* True append mode: create if nonexisting */
 930    flags = LIBSSH2_FXF_WRITE | LIBSSH2_FXF_CREAT | LIBSSH2_FXF_APPEND;
 931  }
 932  else if(data->state.resume_from > 0) {
 933    /*
 934     * Resume MUST NOT use APPEND; some servers force writes to EOF when
 935     * APPEND is set, ignoring a prior seek().
 936     */
 937    flags = LIBSSH2_FXF_WRITE;
 938  }
 939  else {
 940    /* Clear file before writing (normal behavior) */
 941    flags = LIBSSH2_FXF_WRITE | LIBSSH2_FXF_CREAT | LIBSSH2_FXF_TRUNC;
 942  }
 943
 944  sshc->sftp_handle =
 945    libssh2_sftp_open_ex(sshc->sftp_session, sshp->path,
 946                         curlx_uztoui(strlen(sshp->path)),
 947                         flags, (long)data->set.new_file_perms,
 948                         LIBSSH2_SFTP_OPENFILE);
 949
 950  if(!sshc->sftp_handle) {
 951    CURLcode result;
 952    unsigned long sftperr;
 953    int rc = libssh2_session_last_errno(sshc->ssh_session);
 954
 955    if(LIBSSH2_ERROR_EAGAIN == rc) {
 956      *blockp = TRUE;
 957      return CURLE_OK;
 958    }
 959
 960    if(LIBSSH2_ERROR_SFTP_PROTOCOL == rc)
 961      /* only when there was an SFTP protocol error can we extract
 962         the sftp error! */
 963      sftperr = libssh2_sftp_last_error(sshc->sftp_session);
 964    else
 965      sftperr = LIBSSH2_FX_OK; /* not an sftp error at all */
 966
 967    if(sshc->secondCreateDirs) {
 968      myssh_to(data, sshc, SSH_SFTP_CLOSE);
 969      failf(data, "Creating the dir/file failed: %s",
 970            sftp_libssh2_strerror(sftperr));
 971      return sftp_libssh2_error_to_CURLE(sftperr);
 972    }
 973    if((sftperr == LIBSSH2_FX_NO_SUCH_FILE ||
 974        sftperr == LIBSSH2_FX_FAILURE ||
 975        sftperr == LIBSSH2_FX_NO_SUCH_PATH) &&
 976       data->set.ftp_create_missing_dirs &&
 977       (strlen(sshp->path) > 1)) {
 978      /* try to create the path remotely */
 979      sshc->secondCreateDirs = 1;
 980      myssh_to(data, sshc, SSH_SFTP_CREATE_DIRS_INIT);
 981      return CURLE_OK;
 982    }
 983    myssh_to(data, sshc, SSH_SFTP_CLOSE);
 984    result = sftp_libssh2_error_to_CURLE(sftperr);
 985    if(!result) {
 986      /* Sometimes, for some reason libssh2_sftp_last_error() returns zero
 987         even though libssh2_sftp_open() failed previously! We need to
 988         work around that! */
 989      result = CURLE_SSH;
 990      sftperr = LIBSSH2_FX_OK;
 991    }
 992    failf(data, "Upload failed: %s (%lu/%d)",
 993          sftperr != LIBSSH2_FX_OK ?
 994          sftp_libssh2_strerror(sftperr) : "ssh error",
 995          sftperr, rc);
 996    return result;
 997  }
 998
 999  /* If we have a restart point then we need to seek to the correct
1000     Skip if in explicit remote append mode. */
1001  if(data->state.resume_from > 0 && !data->set.remote_append) {
1002    int seekerr = CURL_SEEKFUNC_OK;
1003    /* Let's read off the proper amount of bytes from the input. */
1004    if(data->set.seek_func) {
1005      Curl_set_in_callback(data, TRUE);
1006      seekerr = data->set.seek_func(data->set.seek_client,
1007                                    data->state.resume_from, SEEK_SET);
1008      Curl_set_in_callback(data, FALSE);
1009    }
1010
1011    if(seekerr != CURL_SEEKFUNC_OK) {
1012      curl_off_t passed = 0;
1013
1014      if(seekerr != CURL_SEEKFUNC_CANTSEEK) {
1015        failf(data, "Could not seek stream");
1016        return CURLE_FTP_COULDNT_USE_REST;
1017      }
1018      /* seekerr == CURL_SEEKFUNC_CANTSEEK (cannot seek to offset) */
1019      do {
1020        char scratch[4 * 1024];
1021        size_t readthisamountnow =
1022          (data->state.resume_from - passed >
1023           (curl_off_t)sizeof(scratch)) ?
1024          sizeof(scratch) : curlx_sotouz(data->state.resume_from - passed);
1025
1026        size_t actuallyread;
1027        Curl_set_in_callback(data, TRUE);
1028        actuallyread = data->state.fread_func(scratch, 1,
1029                                              readthisamountnow,
1030                                              data->state.in);
1031        Curl_set_in_callback(data, FALSE);
1032
1033        passed += actuallyread;
1034        if((actuallyread == 0) || (actuallyread > readthisamountnow)) {
1035          /* this checks for greater-than only to make sure that the
1036             CURL_READFUNC_ABORT return code still aborts */
1037          failf(data, "Failed to read data");
1038          return CURLE_FTP_COULDNT_USE_REST;
1039        }
1040      } while(passed < data->state.resume_from);
1041    }
1042
1043    /* now, decrease the size of the read */
1044    if(data->state.infilesize > 0) {
1045      data->state.infilesize -= data->state.resume_from;
1046      data->req.size = data->state.infilesize;
1047      Curl_pgrsSetUploadSize(data, data->state.infilesize);
1048    }
1049
1050    libssh2_sftp_seek64(sshc->sftp_handle,
1051                        (libssh2_uint64_t)data->state.resume_from);
1052  }
1053  if(data->state.infilesize > 0) {
1054    data->req.size = data->state.infilesize;
1055    Curl_pgrsSetUploadSize(data, data->state.infilesize);
1056  }
1057  /* upload data */
1058  Curl_xfer_setup_send(data, FIRSTSOCKET);
1059
1060  /* not set by Curl_xfer_setup to preserve io_flags */
1061  data->conn->recv_idx = FIRSTSOCKET;
1062
1063  /* since we do not really wait for anything at this point, we want the
1064     state machine to move on as soon as possible so mark this as dirty */
1065  Curl_multi_mark_dirty(data);
1066
1067  myssh_to(data, sshc, SSH_STOP);
1068  return CURLE_OK;
1069}
1070
1071static CURLcode ssh_state_pkey_init(struct Curl_easy *data,
1072                                    struct ssh_conn *sshc)
1073{
1074  /*
1075   * Check the supported auth types in the order I feel is most secure
1076   * with the requested type of authentication
1077   */
1078  sshc->authed = FALSE;
1079
1080  if((data->set.ssh_auth_types & CURLSSH_AUTH_PUBLICKEY) &&
1081     (strstr(sshc->authlist, "publickey") != NULL)) {
1082    bool out_of_memory = FALSE;
1083
1084    sshc->rsa_pub = sshc->rsa = NULL;
1085
1086    if(data->set.str[STRING_SSH_PRIVATE_KEY]) {
1087      sshc->rsa = curlx_strdup(data->set.str[STRING_SSH_PRIVATE_KEY]);
1088      if(!sshc->rsa)
1089        out_of_memory = TRUE;
1090    }
1091    else {
1092      /* To ponder about: should really the lib be messing about with the
1093         HOME environment variable etc? */
1094      char *home = curl_getenv("HOME");
1095      curlx_struct_stat sbuf;
1096
1097      /* If no private key file is specified, try some common paths. */
1098      if(home) {
1099        /* Try ~/.ssh first. */
1100        sshc->rsa = curl_maprintf("%s/.ssh/id_rsa", home);
1101        if(!sshc->rsa)
1102          out_of_memory = TRUE;
1103        else if(curlx_stat(sshc->rsa, &sbuf)) {
1104          curlx_free(sshc->rsa);
1105          sshc->rsa = curl_maprintf("%s/.ssh/id_dsa", home);
1106          if(!sshc->rsa)
1107            out_of_memory = TRUE;
1108          else if(curlx_stat(sshc->rsa, &sbuf)) {
1109            curlx_safefree(sshc->rsa);
1110          }
1111        }
1112        curlx_free(home);
1113      }
1114      if(!out_of_memory && !sshc->rsa) {
1115        /* Nothing found; try the current dir. */
1116        sshc->rsa = curlx_strdup("id_rsa");
1117        if(sshc->rsa && curlx_stat(sshc->rsa, &sbuf)) {
1118          curlx_free(sshc->rsa);
1119          sshc->rsa = curlx_strdup("id_dsa");
1120          if(sshc->rsa && curlx_stat(sshc->rsa, &sbuf)) {
1121            curlx_free(sshc->rsa);
1122            /* Out of guesses. Set to the empty string to avoid
1123             * surprising info messages. */
1124            sshc->rsa = curlx_strdup("");
1125          }
1126        }
1127      }
1128    }
1129
1130    /*
1131     * Unless the user explicitly specifies a public key file, let
1132     * libssh2 extract the public key from the private key file.
1133     * This is done by passing sshc->rsa_pub = NULL.
1134     */
1135    if(!out_of_memory && data->set.str[STRING_SSH_PUBLIC_KEY] &&
1136       /* treat empty string the same way as NULL */
1137       data->set.str[STRING_SSH_PUBLIC_KEY][0]) {
1138      sshc->rsa_pub = curlx_strdup(data->set.str[STRING_SSH_PUBLIC_KEY]);
1139      if(!sshc->rsa_pub)
1140        out_of_memory = TRUE;
1141    }
1142
1143    if(out_of_memory || !sshc->rsa) {
1144      curlx_safefree(sshc->rsa);
1145      curlx_safefree(sshc->rsa_pub);
1146      myssh_to(data, sshc, SSH_SESSION_FREE);
1147      return CURLE_OUT_OF_MEMORY;
1148    }
1149
1150    sshc->passphrase = data->set.ssl.key_passwd;
1151    if(!sshc->passphrase)
1152      sshc->passphrase = "";
1153
1154    if(sshc->rsa_pub)
1155      infof(data, "Using SSH public key file '%s'", sshc->rsa_pub);
1156    infof(data, "Using SSH private key file '%s'", sshc->rsa);
1157
1158    myssh_to(data, sshc, SSH_AUTH_PKEY);
1159  }
1160  else {
1161    myssh_to(data, sshc, SSH_AUTH_PASS_INIT);
1162  }
1163  return CURLE_OK;
1164}
1165
1166static CURLcode sftp_quote_stat(struct Curl_easy *data,
1167                                struct ssh_conn *sshc,
1168                                struct SSHPROTO *sshp,
1169                                bool *blockp)
1170{
1171  const char *cmd = sshc->quote_item->data;
1172  sshc->acceptfail = FALSE;
1173
1174  /* if a command starts with an asterisk, which a legal SFTP command never
1175     can, the command is allowed to fail without it causing any aborts or
1176     cancels etc. It causes libcurl to act as if the command is
1177     successful, whatever the server responds. */
1178
1179  if(cmd[0] == '*') {
1180    cmd++;
1181    sshc->acceptfail = TRUE;
1182  }
1183
1184  if(!!strncmp(cmd, "chmod", 5)) {
1185    /* Since chown and chgrp only set owner OR group but libssh2 wants to set
1186     * them both at once, we need to obtain the current ownership first. This
1187     * takes an extra protocol round trip.
1188     */
1189    int rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshc->quote_path2,
1190                                  curlx_uztoui(strlen(sshc->quote_path2)),
1191                                  LIBSSH2_SFTP_STAT,
1192                                  &sshp->quote_attrs);
1193    if(rc == LIBSSH2_ERROR_EAGAIN) {
1194      *blockp = TRUE;
1195      return CURLE_OK;
1196    }
1197    if(rc && !sshc->acceptfail) { /* get those attributes */
1198      unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session);
1199      failf(data, "Attempt to get SFTP stats failed: %s",
1200            sftp_libssh2_strerror(sftperr));
1201      goto fail;
1202    }
1203  }
1204
1205  /* Now set the new attributes... */
1206  if(!strncmp(cmd, "chgrp", 5)) {
1207    const char *p = sshc->quote_path1;
1208    curl_off_t gid;
1209    if(!curlx_str_number(&p, &gid, ULONG_MAX)) {
1210      sshp->quote_attrs.gid = (unsigned long)gid;
1211      sshp->quote_attrs.flags = LIBSSH2_SFTP_ATTR_UIDGID;
1212    }
1213    else if(!sshc->acceptfail) {
1214      failf(data, "Syntax error: chgrp gid not a number");
1215      goto fail;
1216    }
1217  }
1218  else if(!strncmp(cmd, "chmod", 5)) {
1219    curl_off_t perms;
1220    const char *p = sshc->quote_path1;
1221    /* permissions are octal */
1222    if(curlx_str_octal(&p, &perms, 07777)) {
1223      failf(data, "Syntax error: chmod permissions not a number");
1224      goto fail;
1225    }
1226
1227    sshp->quote_attrs.permissions = (unsigned long)perms;
1228    sshp->quote_attrs.flags = LIBSSH2_SFTP_ATTR_PERMISSIONS;
1229  }
1230  else if(!strncmp(cmd, "chown", 5)) {
1231    const char *p = sshc->quote_path1;
1232    curl_off_t uid;
1233    if(!curlx_str_number(&p, &uid, ULONG_MAX)) {
1234      sshp->quote_attrs.uid = (unsigned long)uid;
1235      sshp->quote_attrs.flags = LIBSSH2_SFTP_ATTR_UIDGID;
1236    }
1237    else if(!sshc->acceptfail) {
1238      failf(data, "Syntax error: chown uid not a number");
1239      goto fail;
1240    }
1241  }
1242  else if(!strncmp(cmd, "atime", 5) ||
1243          !strncmp(cmd, "mtime", 5)) {
1244    time_t date;
1245    bool fail = FALSE;
1246
1247    if(Curl_getdate_capped(sshc->quote_path1, &date)) {
1248      failf(data, "incorrect date format for %.*s", 5, cmd);
1249      fail = TRUE;
1250    }
1251#if SIZEOF_TIME_T > SIZEOF_LONG
1252    if(date > 0xffffffff) {
1253      /* if 'long' cannot hold >32-bit, this date cannot be sent */
1254      failf(data, "date overflow");
1255      fail = TRUE;
1256    }
1257#endif
1258    if(fail)
1259      goto fail;
1260    if(!strncmp(cmd, "atime", 5))
1261      sshp->quote_attrs.atime = (unsigned long)date;
1262    else /* mtime */
1263      sshp->quote_attrs.mtime = (unsigned long)date;
1264
1265    sshp->quote_attrs.flags = LIBSSH2_SFTP_ATTR_ACMODTIME;
1266  }
1267
1268  /* Now send the completed structure... */
1269  myssh_to(data, sshc, SSH_SFTP_QUOTE_SETSTAT);
1270  return CURLE_OK;
1271fail:
1272  curlx_safefree(sshc->quote_path1);
1273  curlx_safefree(sshc->quote_path2);
1274  return CURLE_QUOTE_ERROR;
1275}
1276
1277static CURLcode sftp_download_stat(struct Curl_easy *data,
1278                                   struct ssh_conn *sshc,
1279                                   struct SSHPROTO *sshp,
1280                                   bool *blockp)
1281{
1282  LIBSSH2_SFTP_ATTRIBUTES attrs;
1283  int rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshp->path,
1284                                curlx_uztoui(strlen(sshp->path)),
1285                                LIBSSH2_SFTP_STAT, &attrs);
1286  if(rc == LIBSSH2_ERROR_EAGAIN) {
1287    *blockp = TRUE;
1288    return CURLE_OK;
1289  }
1290  if(rc ||
1291     !(attrs.flags & LIBSSH2_SFTP_ATTR_SIZE) ||
1292     (attrs.filesize == 0)) {
1293    /*
1294     * libssh2_sftp_open() did not return an error, so maybe the server
1295     * does not support stat()
1296     * OR the server does not return a file size with a stat()
1297     * OR file size is 0
1298     */
1299    data->req.size = -1;
1300    data->req.maxdownload = -1;
1301    Curl_pgrsSetDownloadSize(data, -1);
1302    attrs.filesize = 0; /* might be uninitialized but is read below */
1303  }
1304  else {
1305    curl_off_t size = attrs.filesize;
1306
1307    if(size < 0) {
1308      failf(data, "Bad file size (%" FMT_OFF_T ")", size);
1309      return CURLE_BAD_DOWNLOAD_RESUME;
1310    }
1311    if(data->state.use_range) {
1312      curl_off_t from;
1313      CURLcode result = Curl_ssh_range(data, data->state.range, size,
1314                                       &from, &size);
1315      if(result)
1316        return result;
1317
1318      libssh2_sftp_seek64(sshc->sftp_handle, (libssh2_uint64_t)from);
1319    }
1320    data->req.size = size;
1321    data->req.maxdownload = size;
1322    Curl_pgrsSetDownloadSize(data, size);
1323  }
1324
1325  /* We can resume if we can seek to the resume position */
1326  if(data->state.resume_from) {
1327    if(data->state.resume_from < 0) {
1328      /* We are supposed to download the last abs(from) bytes */
1329      if((curl_off_t)attrs.filesize < -data->state.resume_from) {
1330        failf(data, "Offset (%" FMT_OFF_T ") was beyond file size (%"
1331              FMT_OFF_T ")",
1332              data->state.resume_from, (curl_off_t)attrs.filesize);
1333        return CURLE_BAD_DOWNLOAD_RESUME;
1334      }
1335      /* download from where? */
1336      data->state.resume_from += attrs.filesize;
1337    }
1338    else {
1339      if((curl_off_t)attrs.filesize < data->state.resume_from) {
1340        failf(data, "Offset (%" FMT_OFF_T
1341              ") was beyond file size (%" FMT_OFF_T ")",
1342              data->state.resume_from, (curl_off_t)attrs.filesize);
1343        return CURLE_BAD_DOWNLOAD_RESUME;
1344      }
1345    }
1346    /* Now store the number of bytes we are expected to download */
1347    data->req.size = attrs.filesize - data->state.resume_from;
1348    data->req.maxdownload = attrs.filesize - data->state.resume_from;
1349    Curl_pgrsSetDownloadSize(data, attrs.filesize - data->state.resume_from);
1350    libssh2_sftp_seek64(sshc->sftp_handle,
1351                        (libssh2_uint64_t)data->state.resume_from);
1352  }
1353
1354  /* Setup the actual download */
1355  if(data->req.size == 0) {
1356    /* no data to transfer */
1357    Curl_xfer_setup_nop(data);
1358    infof(data, "File already completely downloaded");
1359    myssh_to(data, sshc, SSH_STOP);
1360    return CURLE_OK;
1361  }
1362  Curl_xfer_setup_recv(data, FIRSTSOCKET, data->req.size);
1363
1364  /* not set by Curl_xfer_setup to preserve io_flags */
1365  data->conn->send_idx = 0;
1366
1367  myssh_to(data, sshc, SSH_STOP);
1368
1369  return CURLE_OK;
1370}
1371
1372static CURLcode sftp_readdir(struct Curl_easy *data,
1373                             struct ssh_conn *sshc,
1374                             struct SSHPROTO *sshp,
1375                             bool *blockp)
1376{
1377  CURLcode result = CURLE_OK;
1378  int rc = libssh2_sftp_readdir_ex(sshc->sftp_handle,
1379                                   sshp->readdir_filename, CURL_PATH_MAX,
1380                                   sshp->readdir_longentry, CURL_PATH_MAX,
1381                                   &sshp->readdir_attrs);
1382  if(rc == LIBSSH2_ERROR_EAGAIN) {
1383    *blockp = TRUE;
1384    return result;
1385  }
1386  if(rc > 0) {
1387    size_t readdir_len = (size_t)rc;
1388    sshp->readdir_filename[readdir_len] = '\0';
1389
1390    if(data->set.list_only) {
1391      result = Curl_client_write(data, CLIENTWRITE_BODY,
1392                                 sshp->readdir_filename,
1393                                 readdir_len);
1394      if(!result)
1395        result = Curl_client_write(data, CLIENTWRITE_BODY, "\n", 1);
1396      if(result)
1397        return result;
1398    }
1399    else {
1400      result = curlx_dyn_add(&sshp->readdir, sshp->readdir_longentry);
1401
1402      if(!result) {
1403        if((sshp->readdir_attrs.flags & LIBSSH2_SFTP_ATTR_PERMISSIONS) &&
1404           ((sshp->readdir_attrs.permissions & LIBSSH2_SFTP_S_IFMT) ==
1405            LIBSSH2_SFTP_S_IFLNK)) {
1406          result = curlx_dyn_addf(&sshp->readdir_link, "%s%s", sshp->path,
1407                                  sshp->readdir_filename);
1408          myssh_to(data, sshc, SSH_SFTP_READDIR_LINK);
1409        }
1410        else {
1411          myssh_to(data, sshc, SSH_SFTP_READDIR_BOTTOM);
1412        }
1413      }
1414      return result;
1415    }
1416  }
1417  else if(!rc) {
1418    myssh_to(data, sshc, SSH_SFTP_READDIR_DONE);
1419  }
1420  else {
1421    unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session);
1422    result = sftperr ? sftp_libssh2_error_to_CURLE(sftperr) : CURLE_SSH;
1423    failf(data, "Could not open remote file for reading: %s :: %d",
1424          sftp_libssh2_strerror(sftperr),
1425          libssh2_session_last_errno(sshc->ssh_session));
1426    myssh_to(data, sshc, SSH_SFTP_CLOSE);
1427  }
1428  return result;
1429}
1430
1431static CURLcode ssh_state_init(struct Curl_easy *data,
1432                               struct ssh_conn *sshc)
1433{
1434  CURLcode result;
1435  sshc->secondCreateDirs = 0;
1436  sshc->nextstate = SSH_NO_STATE;
1437
1438  /* Set libssh2 to non-blocking, since everything internally is
1439     non-blocking */
1440  libssh2_session_set_blocking(sshc->ssh_session, 0);
1441
1442  result = ssh_force_knownhost_key_type(data, sshc);
1443  if(result)
1444    myssh_to(data, sshc, SSH_SESSION_FREE);
1445  else
1446    myssh_to(data, sshc, SSH_S_STARTUP);
1447  return result;
1448}
1449
1450static CURLcode ssh_state_startup(struct Curl_easy *data,
1451                                  struct ssh_conn *sshc)
1452{
1453  struct connectdata *conn = data->conn;
1454  int rc = libssh2_session_handshake(sshc->ssh_session,
1455                                     conn->sock[FIRSTSOCKET]);
1456  if(rc == LIBSSH2_ERROR_EAGAIN)
1457    return CURLE_AGAIN;
1458
1459  if(rc) {
1460    char *err_msg = NULL;
1461    (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
1462    failf(data, "Failure establishing ssh session: %d, %s", rc, err_msg);
1463
1464    myssh_to(data, sshc, SSH_SESSION_FREE);
1465    return CURLE_FAILED_INIT;
1466  }
1467
1468  myssh_to(data, sshc, SSH_HOSTKEY);
1469  return CURLE_OK;
1470}
1471
1472static CURLcode ssh_state_hostkey(struct Curl_easy *data,
1473                                  struct ssh_conn *sshc)
1474{
1475  /*
1476   * Before we authenticate we should check the hostkey's fingerprint
1477   * against our known hosts. How that is handled (reading from file,
1478   * whatever) is up to us.
1479   */
1480  CURLcode result = ssh_check_fingerprint(data, sshc);
1481  if(!result)
1482    myssh_to(data, sshc, SSH_AUTHLIST);
1483  return result;
1484}
1485
1486static CURLcode ssh_state_authlist(struct Curl_easy *data,
1487                                   struct ssh_conn *sshc)
1488{
1489  /*
1490   * Figure out authentication methods
1491   * NB: As soon as we have provided a username to an openssh server we
1492   * must never change it later. Thus, always specify the correct username
1493   * here, even though the libssh2 docs kind of indicate that it should be
1494   * possible to get a 'generic' list (not user-specific) of authentication
1495   * methods, presumably with a blank username. That does not work in my
1496   * experience.
1497   * Therefore always specify it here.
1498   */
1499  struct connectdata *conn = data->conn;
1500  const char *user = Curl_creds_user(conn->creds);
1501  sshc->authlist = libssh2_userauth_list(sshc->ssh_session,
1502                                         user, curlx_uztoui(strlen(user)));
1503
1504  if(!sshc->authlist) {
1505    int rc;
1506    if(libssh2_userauth_authenticated(sshc->ssh_session)) {
1507      sshc->authed = TRUE;
1508      infof(data, "SSH user accepted with no authentication");
1509      myssh_to(data, sshc, SSH_AUTH_DONE);
1510      return CURLE_OK;
1511    }
1512    rc = libssh2_session_last_errno(sshc->ssh_session);
1513    if(rc == LIBSSH2_ERROR_EAGAIN)
1514      return CURLE_AGAIN;
1515
1516    myssh_to(data, sshc, SSH_SESSION_FREE);
1517    return libssh2_session_error_to_CURLE(rc);
1518  }
1519  infof(data, "SSH authentication methods available: %s", sshc->authlist);
1520
1521  myssh_to(data, sshc, SSH_AUTH_PKEY_INIT);
1522  return CURLE_OK;
1523}
1524
1525static CURLcode ssh_state_auth_pkey(struct Curl_easy *data,
1526                                    struct ssh_conn *sshc)
1527{
1528  /* The function below checks if the files exists, no need to stat() here.
1529   */
1530  struct connectdata *conn = data->conn;
1531  const char *user = Curl_creds_user(conn->creds);
1532  int rc =
1533    libssh2_userauth_publickey_fromfile_ex(sshc->ssh_session,
1534                                           user,
1535                                           curlx_uztoui(strlen(user)),
1536                                           sshc->rsa_pub,
1537                                           sshc->rsa, sshc->passphrase);
1538  if(rc == LIBSSH2_ERROR_EAGAIN)
1539    return CURLE_AGAIN;
1540
1541  curlx_safefree(sshc->rsa_pub);
1542  curlx_safefree(sshc->rsa);
1543
1544  if(rc == 0) {
1545    sshc->authed = TRUE;
1546    infof(data, "Initialized SSH public key authentication");
1547    myssh_to(data, sshc, SSH_AUTH_DONE);
1548  }
1549  else {
1550    char *err_msg = NULL;
1551    char unknown[] = "Reason unknown (-1)";
1552    if(rc == -1) {
1553      /* No error message has been set and the last set error message, if
1554         any, is from a previous error so ignore it. #11837 */
1555      err_msg = unknown;
1556    }
1557    else {
1558      (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
1559    }
1560    infof(data, "SSH public key authentication failed: %s", err_msg);
1561    myssh_to(data, sshc, SSH_AUTH_PASS_INIT);
1562  }
1563  return CURLE_OK;
1564}
1565
1566static CURLcode ssh_state_auth_pass_init(struct Curl_easy *data,
1567                                         struct ssh_conn *sshc)
1568{
1569  if((data->set.ssh_auth_types & CURLSSH_AUTH_PASSWORD) &&
1570     (strstr(sshc->authlist, "password") != NULL)) {
1571    myssh_to(data, sshc, SSH_AUTH_PASS);
1572  }
1573  else {
1574    myssh_to(data, sshc, SSH_AUTH_HOST_INIT);
1575  }
1576  return CURLE_OK;
1577}
1578
1579static CURLcode ssh_state_auth_pass(struct Curl_easy *data,
1580                                    struct ssh_conn *sshc)
1581{
1582  struct connectdata *conn = data->conn;
1583  const char *user = Curl_creds_user(conn->creds);
1584  const char *passwd = Curl_creds_passwd(conn->creds);
1585  int rc =
1586    libssh2_userauth_password_ex(sshc->ssh_session, user,
1587                                 curlx_uztoui(strlen(user)),
1588                                 passwd,
1589                                 curlx_uztoui(strlen(passwd)),
1590                                 NULL);
1591  if(rc == LIBSSH2_ERROR_EAGAIN) {
1592    return CURLE_AGAIN;
1593  }
1594  if(rc == 0) {
1595    sshc->authed = TRUE;
1596    infof(data, "Initialized password authentication");
1597    myssh_to(data, sshc, SSH_AUTH_DONE);
1598  }
1599  else {
1600    myssh_to(data, sshc, SSH_AUTH_HOST_INIT);
1601  }
1602  return CURLE_OK;
1603}
1604
1605static CURLcode ssh_state_auth_host_init(struct Curl_easy *data,
1606                                         struct ssh_conn *sshc)
1607{
1608  if((data->set.ssh_auth_types & CURLSSH_AUTH_HOST) &&
1609     (strstr(sshc->authlist, "hostbased") != NULL)) {
1610    myssh_to(data, sshc, SSH_AUTH_HOST);
1611  }
1612  else {
1613    myssh_to(data, sshc, SSH_AUTH_AGENT_INIT);
1614  }
1615  return CURLE_OK;
1616}
1617
1618static CURLcode ssh_state_auth_agent_init(struct Curl_easy *data,
1619                                          struct ssh_conn *sshc)
1620{
1621  int rc = 0;
1622  if((data->set.ssh_auth_types & CURLSSH_AUTH_AGENT) &&
1623     (strstr(sshc->authlist, "publickey") != NULL)) {
1624
1625    /* Connect to the ssh-agent */
1626    /* The agent could be shared by a curl thread i believe
1627       but nothing obvious as keys can be added/removed at any time */
1628    if(!sshc->ssh_agent) {
1629      sshc->ssh_agent = libssh2_agent_init(sshc->ssh_session);
1630      if(!sshc->ssh_agent) {
1631        infof(data, "Could not create agent object");
1632
1633        myssh_to(data, sshc, SSH_AUTH_KEY_INIT);
1634        return CURLE_OK;
1635      }
1636    }
1637
1638    rc = libssh2_agent_connect(sshc->ssh_agent);
1639    if(rc == LIBSSH2_ERROR_EAGAIN)
1640      return CURLE_AGAIN;
1641    if(rc < 0) {
1642      infof(data, "Failure connecting to agent");
1643      myssh_to(data, sshc, SSH_AUTH_KEY_INIT);
1644    }
1645    else {
1646      myssh_to(data, sshc, SSH_AUTH_AGENT_LIST);
1647    }
1648  }
1649  else
1650    myssh_to(data, sshc, SSH_AUTH_KEY_INIT);
1651  return CURLE_OK;
1652}
1653
1654static CURLcode ssh_state_auth_agent_list(struct Curl_easy *data,
1655                                          struct ssh_conn *sshc)
1656{
1657  int rc = libssh2_agent_list_identities(sshc->ssh_agent);
1658
1659  if(rc == LIBSSH2_ERROR_EAGAIN)
1660    return CURLE_AGAIN;
1661  if(rc < 0) {
1662    infof(data, "Failure requesting identities to agent");
1663    myssh_to(data, sshc, SSH_AUTH_KEY_INIT);
1664  }
1665  else {
1666    myssh_to(data, sshc, SSH_AUTH_AGENT);
1667    sshc->sshagent_prev_identity = NULL;
1668  }
1669  return CURLE_OK;
1670}
1671
1672static CURLcode ssh_state_auth_agent(struct Curl_easy *data,
1673                                     struct ssh_conn *sshc)
1674{
1675  /* as prev_identity evolves only after an identity user auth finished we
1676     can safely request it again as long as EAGAIN is returned here or by
1677     libssh2_agent_userauth */
1678  int rc = libssh2_agent_get_identity(sshc->ssh_agent,
1679                                      &sshc->sshagent_identity,
1680                                      sshc->sshagent_prev_identity);
1681  if(rc == LIBSSH2_ERROR_EAGAIN)
1682    return CURLE_AGAIN;
1683
1684  if(rc == 0) {
1685    struct connectdata *conn = data->conn;
1686    rc = libssh2_agent_userauth(sshc->ssh_agent, Curl_creds_user(conn->creds),
1687                                sshc->sshagent_identity);
1688
1689    if(rc < 0) {
1690      if(rc != LIBSSH2_ERROR_EAGAIN) {
1691        /* tried and failed? go to next identity */
1692        sshc->sshagent_prev_identity = sshc->sshagent_identity;
1693        return CURLE_OK;
1694      }
1695      return CURLE_AGAIN;
1696    }
1697  }
1698
1699  if(rc < 0)
1700    infof(data, "Failure requesting identities to agent");
1701  else if(rc == 1)
1702    infof(data, "No identity would match");
1703
1704  if(rc == LIBSSH2_ERROR_NONE) {
1705    sshc->authed = TRUE;
1706    infof(data, "Agent based authentication successful");
1707    myssh_to(data, sshc, SSH_AUTH_DONE);
1708  }
1709  else {
1710    myssh_to(data, sshc, SSH_AUTH_KEY_INIT);
1711  }
1712  return CURLE_OK;
1713}
1714
1715static CURLcode ssh_state_auth_key_init(struct Curl_easy *data,
1716                                        struct ssh_conn *sshc)
1717{
1718  if((data->set.ssh_auth_types & CURLSSH_AUTH_KEYBOARD) &&
1719     (strstr(sshc->authlist, "keyboard-interactive") != NULL)) {
1720    myssh_to(data, sshc, SSH_AUTH_KEY);
1721  }
1722  else {
1723    myssh_to(data, sshc, SSH_AUTH_DONE);
1724  }
1725  return CURLE_OK;
1726}
1727
1728static CURLcode ssh_state_auth_key(struct Curl_easy *data,
1729                                   struct ssh_conn *sshc)
1730{
1731  /* Authentication failed. Continue with keyboard-interactive now. */
1732  struct connectdata *conn = data->conn;
1733  const char *user = Curl_creds_user(conn->creds);
1734  int rc =
1735    libssh2_userauth_keyboard_interactive_ex(sshc->ssh_session,
1736                                             user, curlx_uztoui(strlen(user)),
1737                                             &kbd_callback);
1738  if(rc == LIBSSH2_ERROR_EAGAIN)
1739    return CURLE_AGAIN;
1740
1741  if(rc == 0) {
1742    sshc->authed = TRUE;
1743    infof(data, "Initialized keyboard interactive authentication");
1744    myssh_to(data, sshc, SSH_AUTH_DONE);
1745    return CURLE_OK;
1746  }
1747  return CURLE_LOGIN_DENIED;
1748}
1749
1750static CURLcode ssh_state_auth_done(struct Curl_easy *data,
1751                                    struct ssh_conn *sshc)
1752{
1753  struct connectdata *conn = data->conn;
1754  if(!sshc->authed) {
1755    failf(data, "Authentication failure");
1756    myssh_to(data, sshc, SSH_SESSION_FREE);
1757    return CURLE_LOGIN_DENIED;
1758  }
1759
1760  /*
1761   * At this point we have an authenticated ssh session.
1762   */
1763  infof(data, "Authentication complete");
1764
1765  Curl_pgrsTime(data, TIMER_APPCONNECT); /* SSH is connected */
1766
1767  data->conn->recv_idx = FIRSTSOCKET;
1768  conn->send_idx = -1;
1769
1770  if(conn->scheme->protocol == CURLPROTO_SFTP) {
1771    myssh_to(data, sshc, SSH_SFTP_INIT);
1772    return CURLE_OK;
1773  }
1774  infof(data, "SSH CONNECT phase done");
1775  myssh_to(data, sshc, SSH_STOP);
1776  return CURLE_OK;
1777}
1778
1779static CURLcode ssh_state_sftp_init(struct Curl_easy *data,
1780                                    struct ssh_conn *sshc)
1781{
1782  /*
1783   * Start the libssh2 sftp session
1784   */
1785  sshc->sftp_session = libssh2_sftp_init(sshc->ssh_session);
1786  if(!sshc->sftp_session) {
1787    char *err_msg = NULL;
1788    if(libssh2_session_last_errno(sshc->ssh_session) ==
1789       LIBSSH2_ERROR_EAGAIN)
1790      return CURLE_AGAIN;
1791
1792    (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
1793    failf(data, "Failure initializing sftp session: %s", err_msg);
1794    myssh_to(data, sshc, SSH_SESSION_FREE);
1795    return CURLE_FAILED_INIT;
1796  }
1797  myssh_to(data, sshc, SSH_SFTP_REALPATH);
1798  return CURLE_OK;
1799}
1800
1801static CURLcode ssh_state_sftp_realpath(struct Curl_easy *data,
1802                                        struct ssh_conn *sshc,
1803                                        struct SSHPROTO *sshp)
1804{
1805  /*
1806   * Get the "home" directory
1807   */
1808  int rc;
1809
1810  if(!sshp)
1811    return CURLE_FAILED_INIT;
1812
1813  rc = libssh2_sftp_symlink_ex(sshc->sftp_session, ".",
1814                               curlx_uztoui(strlen(".")),
1815                               sshp->readdir_filename, CURL_PATH_MAX,
1816                               LIBSSH2_SFTP_REALPATH);
1817  if(rc == LIBSSH2_ERROR_EAGAIN)
1818    return CURLE_AGAIN;
1819
1820  myssh_to(data, sshc, SSH_STOP);
1821  if(rc > 0) {
1822    curlx_free(sshc->homedir);
1823    sshc->homedir = curlx_strdup(sshp->readdir_filename);
1824    if(!sshc->homedir)
1825      return CURLE_OUT_OF_MEMORY;
1826    curlx_free(data->state.most_recent_ftp_entrypath);
1827    data->state.most_recent_ftp_entrypath = curlx_strdup(sshc->homedir);
1828    if(!data->state.most_recent_ftp_entrypath)
1829      return CURLE_OUT_OF_MEMORY;
1830  }
1831  else {
1832    /* Return the error type */
1833    unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session);
1834    CURLcode result;
1835    if(sftperr)
1836      result = sftp_libssh2_error_to_CURLE(sftperr);
1837    else
1838      /* in this case, the error was not in the SFTP level but for example a
1839         time-out or similar */
1840      result = CURLE_SSH;
1841    CURL_TRC_SSH(data, "error = %lu makes libcurl = %d", sftperr, (int)result);
1842    return result;
1843  }
1844
1845  /* This is the last step in the SFTP connect phase. Do note that while we
1846     get the homedir here, we get the "workingpath" in the DO action since the
1847     homedir remains the same between request but the working path does not. */
1848  CURL_TRC_SSH(data, "CONNECT phase done");
1849  return CURLE_OK;
1850}
1851
1852static CURLcode ssh_state_sftp_quote_init(struct Curl_easy *data,
1853                                          struct ssh_conn *sshc,
1854                                          struct SSHPROTO *sshp)
1855{
1856  CURLcode result;
1857
1858  if(!sshp)
1859    return CURLE_FAILED_INIT;
1860
1861  result = Curl_getworkingpath(data, sshc->homedir, &sshp->path);
1862  if(result) {
1863    myssh_to(data, sshc, SSH_STOP);
1864    return result;
1865  }
1866
1867  if(data->set.quote) {
1868    infof(data, "Sending quote commands");
1869    sshc->quote_item = data->set.quote;
1870    myssh_to(data, sshc, SSH_SFTP_QUOTE);
1871  }
1872  else {
1873    myssh_to(data, sshc, SSH_SFTP_GETINFO);
1874  }
1875  return CURLE_OK;
1876}
1877
1878static CURLcode ssh_state_sftp_postquote_init(struct Curl_easy *data,
1879                                              struct ssh_conn *sshc)
1880{
1881  if(data->set.postquote) {
1882    infof(data, "Sending quote commands");
1883    sshc->quote_item = data->set.postquote;
1884    myssh_to(data, sshc, SSH_SFTP_QUOTE);
1885  }
1886  else {
1887    myssh_to(data, sshc, SSH_STOP);
1888  }
1889  return CURLE_OK;
1890}
1891
1892static CURLcode ssh_state_sftp_quote(struct Curl_easy *data,
1893                                     struct ssh_conn *sshc,
1894                                     struct SSHPROTO *sshp)
1895{
1896  /* Send quote commands */
1897  CURLcode result;
1898
1899  if(!sshp)
1900    return CURLE_FAILED_INIT;
1901
1902  result = sftp_quote(data, sshc, sshp);
1903  if(result) {
1904    myssh_to(data, sshc, SSH_SFTP_CLOSE);
1905    sshc->nextstate = SSH_NO_STATE;
1906  }
1907  return result;
1908}
1909
1910static CURLcode ssh_state_sftp_next_quote(struct Curl_easy *data,
1911                                          struct ssh_conn *sshc)
1912{
1913  curlx_safefree(sshc->quote_path1);
1914  curlx_safefree(sshc->quote_path2);
1915
1916  sshc->quote_item = sshc->quote_item->next;
1917
1918  if(sshc->quote_item) {
1919    myssh_to(data, sshc, SSH_SFTP_QUOTE);
1920  }
1921  else {
1922    if(sshc->nextstate != SSH_NO_STATE) {
1923      myssh_to(data, sshc, sshc->nextstate);
1924      sshc->nextstate = SSH_NO_STATE;
1925    }
1926    else {
1927      myssh_to(data, sshc, SSH_SFTP_GETINFO);
1928    }
1929  }
1930  return CURLE_OK;
1931}
1932
1933static CURLcode ssh_state_sftp_quote_stat(struct Curl_easy *data,
1934                                          struct ssh_conn *sshc,
1935                                          struct SSHPROTO *sshp,
1936                                          bool *blockp)
1937{
1938  CURLcode result;
1939
1940  if(!sshp)
1941    return CURLE_FAILED_INIT;
1942
1943  result = sftp_quote_stat(data, sshc, sshp, blockp);
1944  if(result) {
1945    myssh_to(data, sshc, SSH_SFTP_CLOSE);
1946    sshc->nextstate = SSH_NO_STATE;
1947  }
1948  return result;
1949}
1950
1951static CURLcode ssh_state_sftp_quote_setstat(struct Curl_easy *data,
1952                                             struct ssh_conn *sshc,
1953                                             struct SSHPROTO *sshp)
1954{
1955  int rc;
1956
1957  if(!sshp)
1958    return CURLE_FAILED_INIT;
1959
1960  rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshc->quote_path2,
1961                            curlx_uztoui(strlen(sshc->quote_path2)),
1962                            LIBSSH2_SFTP_SETSTAT,
1963                            &sshp->quote_attrs);
1964  if(rc == LIBSSH2_ERROR_EAGAIN)
1965    return CURLE_AGAIN;
1966
1967  if(rc && !sshc->acceptfail) {
1968    unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session);
1969    failf(data, "Attempt to set SFTP stats for \"%s\" failed: %s",
1970          sshc->quote_path2, sftp_libssh2_strerror(sftperr));
1971    curlx_safefree(sshc->quote_path1);
1972    curlx_safefree(sshc->quote_path2);
1973    myssh_to(data, sshc, SSH_SFTP_CLOSE);
1974    sshc->nextstate = SSH_NO_STATE;
1975    return CURLE_QUOTE_ERROR;
1976  }
1977  myssh_to(data, sshc, SSH_SFTP_NEXT_QUOTE);
1978  return CURLE_OK;
1979}
1980
1981static CURLcode ssh_state_sftp_quote_symlink(struct Curl_easy *data,
1982                                             struct ssh_conn *sshc)
1983{
1984  int rc =
1985    libssh2_sftp_symlink_ex(sshc->sftp_session, sshc->quote_path1,
1986                            curlx_uztoui(strlen(sshc->quote_path1)),
1987                            sshc->quote_path2,
1988                            curlx_uztoui(strlen(sshc->quote_path2)),
1989                            LIBSSH2_SFTP_SYMLINK);
1990  if(rc == LIBSSH2_ERROR_EAGAIN)
1991    return CURLE_AGAIN;
1992
1993  if(rc && !sshc->acceptfail) {
1994    unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session);
1995    failf(data, "symlink \"%s\" to \"%s\" failed: %s",
1996          sshc->quote_path1, sshc->quote_path2,
1997          sftp_libssh2_strerror(sftperr));
1998    curlx_safefree(sshc->quote_path1);
1999    curlx_safefree(sshc->quote_path2);
2000    myssh_to(data, sshc, SSH_SFTP_CLOSE);
2001    sshc->nextstate = SSH_NO_STATE;
2002    return CURLE_QUOTE_ERROR;
2003  }
2004  myssh_to(data, sshc, SSH_SFTP_NEXT_QUOTE);
2005  return CURLE_OK;
2006}
2007
2008static CURLcode ssh_state_sftp_quote_mkdir(struct Curl_easy *data,
2009                                           struct ssh_conn *sshc)
2010{
2011  int rc = libssh2_sftp_mkdir_ex(sshc->sftp_session, sshc->quote_path1,
2012                                 curlx_uztoui(strlen(sshc->quote_path1)),
2013                                 (long)data->set.new_directory_perms);
2014  if(rc == LIBSSH2_ERROR_EAGAIN)
2015    return CURLE_AGAIN;
2016
2017  if(rc && !sshc->acceptfail) {
2018    unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session);
2019    failf(data, "mkdir \"%s\" failed: %s",
2020          sshc->quote_path1, sftp_libssh2_strerror(sftperr));
2021    curlx_safefree(sshc->quote_path1);
2022    myssh_to(data, sshc, SSH_SFTP_CLOSE);
2023    sshc->nextstate = SSH_NO_STATE;
2024    return CURLE_QUOTE_ERROR;
2025  }
2026  myssh_to(data, sshc, SSH_SFTP_NEXT_QUOTE);
2027  return CURLE_OK;
2028}
2029
2030static CURLcode ssh_state_sftp_quote_rename(struct Curl_easy *data,
2031                                            struct ssh_conn *sshc)
2032{
2033  int rc =
2034    libssh2_sftp_rename_ex(sshc->sftp_session, sshc->quote_path1,
2035                           curlx_uztoui(strlen(sshc->quote_path1)),
2036                           sshc->quote_path2,
2037                           curlx_uztoui(strlen(sshc->quote_path2)),
2038                           LIBSSH2_SFTP_RENAME_OVERWRITE |
2039                           LIBSSH2_SFTP_RENAME_ATOMIC |
2040                           LIBSSH2_SFTP_RENAME_NATIVE);
2041
2042  if(rc == LIBSSH2_ERROR_EAGAIN)
2043    return CURLE_AGAIN;
2044
2045  if(rc && !sshc->acceptfail) {
2046    unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session);
2047    failf(data, "rename \"%s\" to \"%s\" failed: %s",
2048          sshc->quote_path1, sshc->quote_path2,
2049          sftp_libssh2_strerror(sftperr));
2050    curlx_safefree(sshc->quote_path1);
2051    curlx_safefree(sshc->quote_path2);
2052    myssh_to(data, sshc, SSH_SFTP_CLOSE);
2053    sshc->nextstate = SSH_NO_STATE;
2054    return CURLE_QUOTE_ERROR;
2055  }
2056  myssh_to(data, sshc, SSH_SFTP_NEXT_QUOTE);
2057  return CURLE_OK;
2058}
2059
2060static CURLcode ssh_state_sftp_quote_rmdir(struct Curl_easy *data,
2061                                           struct ssh_conn *sshc)
2062{
2063  int rc = libssh2_sftp_rmdir_ex(sshc->sftp_session, sshc->quote_path1,
2064                                 curlx_uztoui(strlen(sshc->quote_path1)));
2065  if(rc == LIBSSH2_ERROR_EAGAIN)
2066    return CURLE_AGAIN;
2067
2068  if(rc && !sshc->acceptfail) {
2069    unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session);
2070    failf(data, "rmdir \"%s\" failed: %s",
2071          sshc->quote_path1, sftp_libssh2_strerror(sftperr));
2072    curlx_safefree(sshc->quote_path1);
2073    myssh_to(data, sshc, SSH_SFTP_CLOSE);
2074    sshc->nextstate = SSH_NO_STATE;
2075    return CURLE_QUOTE_ERROR;
2076  }
2077  myssh_to(data, sshc, SSH_SFTP_NEXT_QUOTE);
2078  return CURLE_OK;
2079}
2080
2081static CURLcode ssh_state_sftp_quote_unlink(struct Curl_easy *data,
2082                                            struct ssh_conn *sshc)
2083{
2084  int rc = libssh2_sftp_unlink_ex(sshc->sftp_session, sshc->quote_path1,
2085                                  curlx_uztoui(strlen(sshc->quote_path1)));
2086  if(rc == LIBSSH2_ERROR_EAGAIN)
2087    return CURLE_AGAIN;
2088
2089  if(rc && !sshc->acceptfail) {
2090    unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session);
2091    failf(data, "rm \"%s\" failed: %s",
2092          sshc->quote_path1, sftp_libssh2_strerror(sftperr));
2093    curlx_safefree(sshc->quote_path1);
2094    myssh_to(data, sshc, SSH_SFTP_CLOSE);
2095    sshc->nextstate = SSH_NO_STATE;
2096    return CURLE_QUOTE_ERROR;
2097  }
2098  myssh_to(data, sshc, SSH_SFTP_NEXT_QUOTE);
2099  return CURLE_OK;
2100}
2101
2102static CURLcode ssh_state_sftp_quote_statvfs(struct Curl_easy *data,
2103                                             struct ssh_conn *sshc)
2104{
2105  LIBSSH2_SFTP_STATVFS statvfs;
2106  int rc = libssh2_sftp_statvfs(sshc->sftp_session, sshc->quote_path1,
2107                                curlx_uztoui(strlen(sshc->quote_path1)),
2108                                &statvfs);
2109
2110  if(rc == LIBSSH2_ERROR_EAGAIN)
2111    return CURLE_AGAIN;
2112
2113  if(rc && !sshc->acceptfail) {
2114    unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session);
2115    failf(data, "statvfs \"%s\" failed: %s",
2116          sshc->quote_path1, sftp_libssh2_strerror(sftperr));
2117    curlx_safefree(sshc->quote_path1);
2118    myssh_to(data, sshc, SSH_SFTP_CLOSE);
2119    sshc->nextstate = SSH_NO_STATE;
2120    return CURLE_QUOTE_ERROR;
2121  }
2122  else if(rc == 0) {
2123#ifdef _MSC_VER
2124#define CURL_LIBSSH2_VFS_SIZE_MASK "I64u"
2125#else
2126#define CURL_LIBSSH2_VFS_SIZE_MASK "llu"
2127#endif
2128    CURLcode result;
2129    char *tmp = curl_maprintf("statvfs:\n"
2130                              "f_bsize: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n"
2131                              "f_frsize: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n"
2132                              "f_blocks: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n"
2133                              "f_bfree: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n"
2134                              "f_bavail: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n"
2135                              "f_files: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n"
2136                              "f_ffree: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n"
2137                              "f_favail: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n"
2138                              "f_fsid: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n"
2139                              "f_flag: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n"
2140                              "f_namemax: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n",
2141                              statvfs.f_bsize, statvfs.f_frsize,
2142                              statvfs.f_blocks, statvfs.f_bfree,
2143                              statvfs.f_bavail, statvfs.f_files,
2144                              statvfs.f_ffree, statvfs.f_favail,
2145                              statvfs.f_fsid, statvfs.f_flag,
2146                              statvfs.f_namemax);
2147    if(!tmp) {
2148      myssh_to(data, sshc, SSH_SFTP_CLOSE);
2149      sshc->nextstate = SSH_NO_STATE;
2150      return CURLE_OUT_OF_MEMORY;
2151    }
2152
2153    result = Curl_client_write(data, CLIENTWRITE_HEADER, tmp, strlen(tmp));
2154    curlx_free(tmp);
2155    if(result) {
2156      myssh_to(data, sshc, SSH_SFTP_CLOSE);
2157      sshc->nextstate = SSH_NO_STATE;
2158      return result;
2159    }
2160  }
2161  myssh_to(data, sshc, SSH_SFTP_NEXT_QUOTE);
2162  return CURLE_OK;
2163}
2164
2165static CURLcode ssh_state_sftp_create_dirs_mkdir(struct Curl_easy *data,
2166                                                 struct ssh_conn *sshc,
2167                                                 struct SSHPROTO *sshp)
2168{
2169  /* 'mode' - parameter is preliminary - default to 0644 */
2170  int rc;
2171
2172  if(!sshp)
2173    return CURLE_FAILED_INIT;
2174
2175  rc = libssh2_sftp_mkdir_ex(sshc->sftp_session, sshp->path,
2176                             curlx_uztoui(strlen(sshp->path)),
2177                             (long)data->set.new_directory_perms);
2178  if(rc == LIBSSH2_ERROR_EAGAIN)
2179    return CURLE_AGAIN;
2180
2181  *sshc->slash_pos = '/';
2182  ++sshc->slash_pos;
2183  if(rc < 0) {
2184    /*
2185     * Abort if failure was not that the directory already exists or
2186     * the permission was denied (creation might succeed further down
2187     * the path) - retry on unspecific FAILURE also
2188     */
2189    unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session);
2190    if((sftperr != LIBSSH2_FX_FILE_ALREADY_EXISTS) &&
2191       (sftperr != LIBSSH2_FX_FAILURE) &&
2192       (sftperr != LIBSSH2_FX_PERMISSION_DENIED)) {
2193      myssh_to(data, sshc, SSH_SFTP_CLOSE);
2194      return sftp_libssh2_error_to_CURLE(sftperr);
2195    }
2196  }
2197  myssh_to(data, sshc, SSH_SFTP_CREATE_DIRS);
2198  return CURLE_OK;
2199}
2200
2201static CURLcode ssh_state_sftp_readdir_init(struct Curl_easy *data,
2202                                            struct ssh_conn *sshc,
2203                                            struct SSHPROTO *sshp)
2204{
2205  if(!sshp)
2206    return CURLE_FAILED_INIT;
2207
2208  Curl_pgrsSetDownloadSize(data, -1);
2209  if(data->req.no_body) {
2210    myssh_to(data, sshc, SSH_STOP);
2211    return CURLE_OK;
2212  }
2213
2214  /*
2215   * This is a directory that we are trying to get, so produce a directory
2216   * listing
2217   */
2218  sshc->sftp_handle =
2219    libssh2_sftp_open_ex(sshc->sftp_session, sshp->path,
2220                         curlx_uztoui(strlen(sshp->path)),
2221                         0, 0, LIBSSH2_SFTP_OPENDIR);
2222  if(!sshc->sftp_handle) {
2223    unsigned long sftperr;
2224    if(libssh2_session_last_errno(sshc->ssh_session) == LIBSSH2_ERROR_EAGAIN)
2225      return CURLE_AGAIN;
2226
2227    sftperr = libssh2_sftp_last_error(sshc->sftp_session);
2228    failf(data, "Could not open directory for reading: %s",
2229          sftp_libssh2_strerror(sftperr));
2230    myssh_to(data, sshc, SSH_SFTP_CLOSE);
2231    return sftp_libssh2_error_to_CURLE(sftperr);
2232  }
2233  myssh_to(data, sshc, SSH_SFTP_READDIR);
2234  return CURLE_OK;
2235}
2236
2237static CURLcode ssh_state_sftp_readdir_link(struct Curl_easy *data,
2238                                            struct ssh_conn *sshc,
2239                                            struct SSHPROTO *sshp)
2240{
2241  CURLcode result;
2242  int rc;
2243  if(!sshp)
2244    return CURLE_FAILED_INIT;
2245
2246  rc = libssh2_sftp_symlink_ex(sshc->sftp_session,
2247                               curlx_dyn_ptr(&sshp->readdir_link),
2248                               (unsigned int)
2249                               curlx_dyn_len(&sshp->readdir_link),
2250                               sshp->readdir_filename,
2251                               CURL_PATH_MAX, LIBSSH2_SFTP_READLINK);
2252  if(rc == LIBSSH2_ERROR_EAGAIN)
2253    return CURLE_AGAIN;
2254
2255  curlx_dyn_free(&sshp->readdir_link);
2256
2257  if(rc < 0)
2258    return CURLE_OUT_OF_MEMORY;
2259
2260  /* append filename and extra output */
2261  result = curlx_dyn_addf(&sshp->readdir, " -> %s", sshp->readdir_filename);
2262  if(result)
2263    myssh_to(data, sshc, SSH_SFTP_CLOSE);
2264  else
2265    myssh_to(data, sshc, SSH_SFTP_READDIR_BOTTOM);
2266  return result;
2267}
2268
2269static CURLcode ssh_state_scp_download_init(struct Curl_easy *data,
2270                                            struct ssh_conn *sshc,
2271                                            struct SSHPROTO *sshp)
2272{
2273  curl_off_t bytecount;
2274  libssh2_struct_stat sb;
2275
2276  if(!sshp)
2277    return CURLE_FAILED_INIT;
2278  /*
2279   * We must check the remote file; if it is a directory no values are
2280   * be set in sb
2281   */
2282
2283  /*
2284   * If support for >2GB files exists, use it.
2285   */
2286
2287  /* get a fresh new channel from the ssh layer */
2288  memset(&sb, 0, sizeof(libssh2_struct_stat));
2289  sshc->ssh_channel = libssh2_scp_recv2(sshc->ssh_session, sshp->path, &sb);
2290  if(!sshc->ssh_channel) {
2291    int ssh_err;
2292    char *err_msg = NULL;
2293
2294    if(libssh2_session_last_errno(sshc->ssh_session) ==
2295       LIBSSH2_ERROR_EAGAIN)
2296      return CURLE_AGAIN;
2297
2298    ssh_err = libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
2299    failf(data, "%s", err_msg);
2300    myssh_to(data, sshc, SSH_SCP_CHANNEL_FREE);
2301    return libssh2_session_error_to_CURLE(ssh_err);
2302  }
2303
2304  /* download data */
2305  bytecount = (curl_off_t)sb.st_size;
2306  data->req.maxdownload = (curl_off_t)sb.st_size;
2307  Curl_xfer_setup_recv(data, FIRSTSOCKET, bytecount);
2308
2309  /* not set by Curl_xfer_setup to preserve io_flags */
2310  data->conn->send_idx = 0;
2311
2312  myssh_to(data, sshc, SSH_STOP);
2313  return CURLE_OK;
2314}
2315
2316static CURLcode ssh_state_sftp_close(struct Curl_easy *data,
2317                                     struct ssh_conn *sshc,
2318                                     struct SSHPROTO *sshp)
2319{
2320  int rc = 0;
2321  if(!sshp)
2322    return CURLE_FAILED_INIT;
2323  if(sshc->sftp_handle) {
2324    rc = libssh2_sftp_close(sshc->sftp_handle);
2325    if(rc == LIBSSH2_ERROR_EAGAIN)
2326      return CURLE_AGAIN;
2327
2328    if(rc < 0) {
2329      char *err_msg = NULL;
2330      (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
2331      infof(data, "Failed to close libssh2 file: %d %s", rc, err_msg);
2332    }
2333    sshc->sftp_handle = NULL;
2334  }
2335
2336  curlx_safefree(sshp->path);
2337
2338  CURL_TRC_SSH(data, "SFTP DONE done");
2339
2340  /* Check if nextstate is set and move .nextstate could be POSTQUOTE_INIT
2341     After nextstate is executed, the control should come back to
2342     SSH_SFTP_CLOSE to pass the correct result back */
2343  if(sshc->nextstate != SSH_NO_STATE &&
2344     sshc->nextstate != SSH_SFTP_CLOSE) {
2345    myssh_to(data, sshc, sshc->nextstate);
2346    sshc->nextstate = SSH_SFTP_CLOSE;
2347  }
2348  else
2349    myssh_to(data, sshc, SSH_STOP);
2350
2351  return CURLE_OK;
2352}
2353
2354static CURLcode ssh_state_sftp_shutdown(struct Curl_easy *data,
2355                                        struct ssh_conn *sshc)
2356{
2357  /* during times we get here due to a broken transfer and then the
2358     sftp_handle might not have been taken down so make sure that is done
2359     before we proceed */
2360  int rc = 0;
2361  if(sshc->sftp_handle) {
2362    rc = libssh2_sftp_close(sshc->sftp_handle);
2363    if(rc == LIBSSH2_ERROR_EAGAIN)
2364      return CURLE_AGAIN;
2365
2366    if(rc < 0) {
2367      char *err_msg = NULL;
2368      (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
2369      infof(data, "Failed to close libssh2 file: %d %s", rc, err_msg);
2370    }
2371    sshc->sftp_handle = NULL;
2372  }
2373  if(sshc->sftp_session) {
2374    rc = libssh2_sftp_shutdown(sshc->sftp_session);
2375    if(rc == LIBSSH2_ERROR_EAGAIN)
2376      return CURLE_AGAIN;
2377
2378    if(rc < 0) {
2379      infof(data, "Failed to stop libssh2 sftp subsystem");
2380    }
2381    sshc->sftp_session = NULL;
2382  }
2383
2384  curlx_safefree(sshc->homedir);
2385
2386  myssh_to(data, sshc, SSH_SESSION_DISCONNECT);
2387  return CURLE_OK;
2388}
2389
2390static CURLcode ssh_state_sftp_download_init(struct Curl_easy *data,
2391                                             struct ssh_conn *sshc,
2392                                             struct SSHPROTO *sshp)
2393{
2394  if(!sshp)
2395    return CURLE_FAILED_INIT;
2396  /*
2397   * Work on getting the specified file
2398   */
2399  sshc->sftp_handle =
2400    libssh2_sftp_open_ex(sshc->sftp_session, sshp->path,
2401                         curlx_uztoui(strlen(sshp->path)),
2402                         LIBSSH2_FXF_READ, (long)data->set.new_file_perms,
2403                         LIBSSH2_SFTP_OPENFILE);
2404  if(!sshc->sftp_handle) {
2405    unsigned long sftperr;
2406    if(libssh2_session_last_errno(sshc->ssh_session) ==
2407       LIBSSH2_ERROR_EAGAIN) {
2408      return CURLE_AGAIN;
2409    }
2410    sftperr = libssh2_sftp_last_error(sshc->sftp_session);
2411    failf(data, "Could not open remote file for reading: %s",
2412          sftp_libssh2_strerror(sftperr));
2413    myssh_to(data, sshc, SSH_SFTP_CLOSE);
2414    return sftp_libssh2_error_to_CURLE(sftperr);
2415  }
2416  myssh_to(data, sshc, SSH_SFTP_DOWNLOAD_STAT);
2417  return CURLE_OK;
2418}
2419
2420static CURLcode ssh_state_scp_upload_init(struct Curl_easy *data,
2421                                          struct ssh_conn *sshc,
2422                                          struct SSHPROTO *sshp)
2423{
2424  if(!sshp)
2425    return CURLE_FAILED_INIT;
2426  /*
2427   * libssh2 requires that the destination path is a full path that
2428   * includes the destination file and name OR ends in a "/" . If this is
2429   * not done the destination file is named the same name as the last
2430   * directory in the path.
2431   */
2432  sshc->ssh_channel =
2433    libssh2_scp_send64(sshc->ssh_session, sshp->path,
2434                       (int)data->set.new_file_perms,
2435                       (libssh2_int64_t)data->state.infilesize, 0, 0);
2436  if(!sshc->ssh_channel) {
2437    int ssh_err;
2438    char *err_msg = NULL;
2439    CURLcode result;
2440    if(libssh2_session_last_errno(sshc->ssh_session) ==
2441       LIBSSH2_ERROR_EAGAIN)
2442      return CURLE_AGAIN;
2443
2444    ssh_err = libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
2445    failf(data, "%s", err_msg);
2446    myssh_to(data, sshc, SSH_SCP_CHANNEL_FREE);
2447    result = libssh2_session_error_to_CURLE(ssh_err);
2448
2449    /* Map generic errors to upload failed */
2450    if(result == CURLE_SSH ||
2451       result == CURLE_REMOTE_FILE_NOT_FOUND)
2452      result = CURLE_UPLOAD_FAILED;
2453    return result;
2454  }
2455
2456  /* upload data */
2457  data->req.size = data->state.infilesize;
2458  Curl_pgrsSetUploadSize(data, data->state.infilesize);
2459  Curl_xfer_setup_send(data, FIRSTSOCKET);
2460
2461  /* not set by Curl_xfer_setup to preserve io_flags */
2462  data->conn->recv_idx = FIRSTSOCKET;
2463
2464  myssh_to(data, sshc, SSH_STOP);
2465
2466  return CURLE_OK;
2467}
2468
2469static CURLcode ssh_state_session_disconnect(struct Curl_easy *data,
2470                                             struct ssh_conn *sshc)
2471{
2472  /* during weird times when we have been prematurely aborted, the channel
2473     is still alive when we reach this state and we MUST kill the channel
2474     properly first */
2475  int rc = 0;
2476  if(sshc->ssh_channel) {
2477    rc = libssh2_channel_free(sshc->ssh_channel);
2478    if(rc == LIBSSH2_ERROR_EAGAIN)
2479      return CURLE_AGAIN;
2480
2481    if(rc < 0) {
2482      char *err_msg = NULL;
2483      (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
2484      infof(data, "Failed to free libssh2 scp subsystem: %d %s", rc, err_msg);
2485    }
2486    sshc->ssh_channel = NULL;
2487  }
2488
2489  if(sshc->ssh_session) {
2490    rc = libssh2_session_disconnect(sshc->ssh_session, "Shutdown");
2491    if(rc == LIBSSH2_ERROR_EAGAIN)
2492      return CURLE_AGAIN;
2493
2494    if(rc < 0) {
2495      char *err_msg = NULL;
2496      (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
2497      infof(data, "Failed to disconnect libssh2 session: %d %s", rc, err_msg);
2498    }
2499  }
2500
2501  curlx_safefree(sshc->homedir);
2502
2503  myssh_to(data, sshc, SSH_SESSION_FREE);
2504  return CURLE_OK;
2505}
2506
2507static CURLcode sshc_cleanup(struct ssh_conn *sshc, struct Curl_easy *data,
2508                             bool block)
2509{
2510  int rc;
2511
2512  if(sshc->kh) {
2513    libssh2_knownhost_free(sshc->kh);
2514    sshc->kh = NULL;
2515  }
2516
2517  if(sshc->ssh_agent) {
2518    rc = libssh2_agent_disconnect(sshc->ssh_agent);
2519    if((rc < 0) && data) {
2520      char *err_msg = NULL;
2521      (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
2522      infof(data, "Failed to disconnect from libssh2 agent: %d %s",
2523            rc, err_msg);
2524    }
2525    if(!block && (rc == LIBSSH2_ERROR_EAGAIN))
2526      return CURLE_AGAIN;
2527
2528    libssh2_agent_free(sshc->ssh_agent);
2529    sshc->ssh_agent = NULL;
2530
2531    /* NB: there is no need to free identities, they are part of internal
2532       agent stuff */
2533    sshc->sshagent_identity = NULL;
2534    sshc->sshagent_prev_identity = NULL;
2535  }
2536
2537  if(sshc->sftp_handle) {
2538    rc = libssh2_sftp_close(sshc->sftp_handle);
2539    if((rc < 0) && data) {
2540      char *err_msg = NULL;
2541      (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
2542      infof(data, "Failed to close libssh2 file: %d %s", rc, err_msg);
2543    }
2544    if(!block && (rc == LIBSSH2_ERROR_EAGAIN))
2545      return CURLE_AGAIN;
2546
2547    sshc->sftp_handle = NULL;
2548  }
2549
2550  if(sshc->ssh_channel) {
2551    rc = libssh2_channel_free(sshc->ssh_channel);
2552    if((rc < 0) && data) {
2553      char *err_msg = NULL;
2554      (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
2555      infof(data, "Failed to free libssh2 scp subsystem: %d %s", rc, err_msg);
2556    }
2557    if(!block && (rc == LIBSSH2_ERROR_EAGAIN))
2558      return CURLE_AGAIN;
2559
2560    sshc->ssh_channel = NULL;
2561  }
2562
2563  if(sshc->sftp_session) {
2564    rc = libssh2_sftp_shutdown(sshc->sftp_session);
2565    if((rc < 0) && data) {
2566      char *err_msg = NULL;
2567      (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
2568      infof(data, "Failed to stop libssh2 sftp subsystem: %d %s", rc, err_msg);
2569    }
2570    if(!block && (rc == LIBSSH2_ERROR_EAGAIN))
2571      return CURLE_AGAIN;
2572
2573    sshc->sftp_session = NULL;
2574  }
2575
2576  if(sshc->ssh_session) {
2577    rc = libssh2_session_free(sshc->ssh_session);
2578    if((rc < 0) && data) {
2579      char *err_msg = NULL;
2580      (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
2581      infof(data, "Failed to free libssh2 session: %d %s", rc, err_msg);
2582    }
2583    if(!block && (rc == LIBSSH2_ERROR_EAGAIN))
2584      return CURLE_AGAIN;
2585
2586    sshc->ssh_session = NULL;
2587  }
2588
2589  /* worst-case scenario cleanup */
2590  DEBUGASSERT(sshc->ssh_session == NULL);
2591  DEBUGASSERT(sshc->ssh_channel == NULL);
2592  DEBUGASSERT(sshc->sftp_session == NULL);
2593  DEBUGASSERT(sshc->sftp_handle == NULL);
2594  DEBUGASSERT(sshc->kh == NULL);
2595  DEBUGASSERT(sshc->ssh_agent == NULL);
2596
2597  curlx_safefree(sshc->rsa_pub);
2598  curlx_safefree(sshc->rsa);
2599  curlx_safefree(sshc->quote_path1);
2600  curlx_safefree(sshc->quote_path2);
2601  curlx_safefree(sshc->homedir);
2602
2603  return CURLE_OK;
2604}
2605
2606static CURLcode ssh_state_sftp_getinfo(struct Curl_easy *data,
2607                                       struct ssh_conn *sshc)
2608{
2609  if(data->set.get_filetime)
2610    myssh_to(data, sshc, SSH_SFTP_FILETIME);
2611  else
2612    myssh_to(data, sshc, SSH_SFTP_TRANS_INIT);
2613  return CURLE_OK;
2614}
2615
2616static CURLcode ssh_state_sftp_filetime(struct Curl_easy *data,
2617                                        struct ssh_conn *sshc,
2618                                        struct SSHPROTO *sshp)
2619{
2620  LIBSSH2_SFTP_ATTRIBUTES attrs;
2621  int rc;
2622
2623  if(!sshp)
2624    return CURLE_FAILED_INIT;
2625
2626  rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshp->path,
2627                            curlx_uztoui(strlen(sshp->path)),
2628                            LIBSSH2_SFTP_STAT, &attrs);
2629  if(rc == LIBSSH2_ERROR_EAGAIN)
2630    return CURLE_AGAIN;
2631
2632  if(rc == 0)
2633    data->info.filetime = (time_t)attrs.mtime;
2634
2635  myssh_to(data, sshc, SSH_SFTP_TRANS_INIT);
2636  return CURLE_OK;
2637}
2638
2639static CURLcode ssh_state_sftp_trans_init(struct Curl_easy *data,
2640                                          struct ssh_conn *sshc,
2641                                          struct SSHPROTO *sshp)
2642{
2643  if(data->state.upload)
2644    myssh_to(data, sshc, SSH_SFTP_UPLOAD_INIT);
2645  else if(sshp) {
2646    size_t plen = strlen(sshp->path);
2647    if(plen && (sshp->path[plen - 1] == '/'))
2648      myssh_to(data, sshc, SSH_SFTP_READDIR_INIT);
2649    else
2650      myssh_to(data, sshc, SSH_SFTP_DOWNLOAD_INIT);
2651  }
2652  else
2653    return CURLE_FAILED_INIT;
2654  return CURLE_OK;
2655}
2656
2657static CURLcode ssh_state_sftp_upload_init(struct Curl_easy *data,
2658                                           struct ssh_conn *sshc,
2659                                           struct SSHPROTO *sshp,
2660                                           bool *block)
2661{
2662  CURLcode result;
2663  if(!sshp)
2664    return CURLE_FAILED_INIT;
2665  result = sftp_upload_init(data, sshc, sshp, block);
2666  if(result) {
2667    myssh_to(data, sshc, SSH_SFTP_CLOSE);
2668    sshc->nextstate = SSH_NO_STATE;
2669  }
2670  return result;
2671}
2672
2673static CURLcode ssh_state_sftp_create_dirs_init(struct Curl_easy *data,
2674                                                struct ssh_conn *sshc,
2675                                                struct SSHPROTO *sshp)
2676{
2677  if(!sshp)
2678    return CURLE_FAILED_INIT;
2679  if(strlen(sshp->path) > 1) {
2680    sshc->slash_pos = sshp->path + 1; /* ignore the leading '/' */
2681    myssh_to(data, sshc, SSH_SFTP_CREATE_DIRS);
2682  }
2683  else
2684    myssh_to(data, sshc, SSH_SFTP_UPLOAD_INIT);
2685  return CURLE_OK;
2686}
2687
2688static CURLcode ssh_state_sftp_create_dirs(struct Curl_easy *data,
2689                                           struct ssh_conn *sshc,
2690                                           struct SSHPROTO *sshp)
2691{
2692  if(!sshp)
2693    return CURLE_FAILED_INIT;
2694  sshc->slash_pos = strchr(sshc->slash_pos, '/');
2695  if(sshc->slash_pos) {
2696    *sshc->slash_pos = 0;
2697    infof(data, "Creating directory '%s'", sshp->path);
2698    myssh_to(data, sshc, SSH_SFTP_CREATE_DIRS_MKDIR);
2699    return CURLE_OK;
2700  }
2701  myssh_to(data, sshc, SSH_SFTP_UPLOAD_INIT);
2702  return CURLE_OK;
2703}
2704
2705static CURLcode ssh_state_sftp_readdir(struct Curl_easy *data,
2706                                       struct ssh_conn *sshc,
2707                                       struct SSHPROTO *sshp,
2708                                       bool *block)
2709{
2710  CURLcode result;
2711  if(!sshp)
2712    return CURLE_FAILED_INIT;
2713  result = sftp_readdir(data, sshc, sshp, block);
2714  if(result)
2715    myssh_to(data, sshc, SSH_SFTP_CLOSE);
2716  return result;
2717}
2718
2719static CURLcode ssh_state_sftp_readdir_bottom(struct Curl_easy *data,
2720                                              struct ssh_conn *sshc,
2721                                              struct SSHPROTO *sshp)
2722{
2723  CURLcode result;
2724  if(!sshp)
2725    return CURLE_FAILED_INIT;
2726
2727  result = curlx_dyn_addn(&sshp->readdir, "\n", 1);
2728  if(!result)
2729    result = Curl_client_write(data, CLIENTWRITE_BODY,
2730                               curlx_dyn_ptr(&sshp->readdir),
2731                               curlx_dyn_len(&sshp->readdir));
2732  if(result) {
2733    curlx_dyn_free(&sshp->readdir);
2734    myssh_to(data, sshc, SSH_STOP);
2735  }
2736  else {
2737    curlx_dyn_reset(&sshp->readdir);
2738    myssh_to(data, sshc, SSH_SFTP_READDIR);
2739  }
2740  return result;
2741}
2742
2743static CURLcode ssh_state_sftp_readdir_done(struct Curl_easy *data,
2744                                            struct ssh_conn *sshc)
2745{
2746  if(libssh2_sftp_closedir(sshc->sftp_handle) ==
2747     LIBSSH2_ERROR_EAGAIN)
2748    return CURLE_AGAIN;
2749
2750  sshc->sftp_handle = NULL;
2751
2752  /* no data to transfer */
2753  Curl_xfer_setup_nop(data);
2754  myssh_to(data, sshc, SSH_STOP);
2755  return CURLE_OK;
2756}
2757
2758static CURLcode ssh_state_sftp_download_stat(struct Curl_easy *data,
2759                                             struct ssh_conn *sshc,
2760                                             struct SSHPROTO *sshp,
2761                                             bool *block)
2762{
2763  CURLcode result;
2764  if(!sshp)
2765    return CURLE_FAILED_INIT;
2766  result = sftp_download_stat(data, sshc, sshp, block);
2767  if(result) {
2768    myssh_to(data, sshc, SSH_SFTP_CLOSE);
2769    sshc->nextstate = SSH_NO_STATE;
2770  }
2771  return result;
2772}
2773
2774static CURLcode ssh_state_scp_trans_init(struct Curl_easy *data,
2775                                         struct ssh_conn *sshc,
2776                                         struct SSHPROTO *sshp)
2777{
2778  CURLcode result;
2779  if(!sshp)
2780    return CURLE_FAILED_INIT;
2781  result = Curl_getworkingpath(data, sshc->homedir,
2782                               &sshp->path);
2783  if(result) {
2784    myssh_to(data, sshc, SSH_STOP);
2785    return result;
2786  }
2787
2788  if(data->state.upload) {
2789    if(data->state.infilesize < 0) {
2790      failf(data, "SCP requires a known file size for upload");
2791      myssh_to(data, sshc, SSH_SCP_CHANNEL_FREE);
2792      return CURLE_UPLOAD_FAILED;
2793    }
2794    myssh_to(data, sshc, SSH_SCP_UPLOAD_INIT);
2795  }
2796  else
2797    myssh_to(data, sshc, SSH_SCP_DOWNLOAD_INIT);
2798  return CURLE_OK;
2799}
2800
2801static CURLcode ssh_state_scp_done(struct Curl_easy *data,
2802                                   struct ssh_conn *sshc)
2803{
2804  if(data->state.upload)
2805    myssh_to(data, sshc, SSH_SCP_SEND_EOF);
2806  else
2807    myssh_to(data, sshc, SSH_SCP_CHANNEL_FREE);
2808  return CURLE_OK;
2809}
2810
2811static CURLcode ssh_state_scp_send_eof(struct Curl_easy *data,
2812                                       struct ssh_conn *sshc)
2813{
2814  if(sshc->ssh_channel) {
2815    int rc = libssh2_channel_send_eof(sshc->ssh_channel);
2816    if(rc == LIBSSH2_ERROR_EAGAIN)
2817      return CURLE_AGAIN;
2818    if(rc) {
2819      char *err_msg = NULL;
2820      (void)libssh2_session_last_error(sshc->ssh_session,
2821                                       &err_msg, NULL, 0);
2822      infof(data,
2823            "Failed to send libssh2 channel EOF: %d %s",
2824            rc, err_msg);
2825    }
2826  }
2827  myssh_to(data, sshc, SSH_SCP_WAIT_EOF);
2828  return CURLE_OK;
2829}
2830
2831static CURLcode ssh_state_scp_wait_eof(struct Curl_easy *data,
2832                                       struct ssh_conn *sshc)
2833{
2834  if(sshc->ssh_channel) {
2835    int rc = libssh2_channel_wait_eof(sshc->ssh_channel);
2836    if(rc == LIBSSH2_ERROR_EAGAIN)
2837      return CURLE_AGAIN;
2838    if(rc) {
2839      char *err_msg = NULL;
2840      (void)libssh2_session_last_error(sshc->ssh_session,
2841                                       &err_msg, NULL, 0);
2842      infof(data, "Failed to get channel EOF: %d %s",
2843            rc, err_msg);
2844    }
2845  }
2846  myssh_to(data, sshc, SSH_SCP_WAIT_CLOSE);
2847  return CURLE_OK;
2848}
2849
2850static CURLcode ssh_state_scp_wait_close(struct Curl_easy *data,
2851                                         struct ssh_conn *sshc)
2852{
2853  if(sshc->ssh_channel) {
2854    int rc =
2855      libssh2_channel_wait_closed(sshc->ssh_channel);
2856    if(rc == LIBSSH2_ERROR_EAGAIN)
2857      return CURLE_AGAIN;
2858    if(rc) {
2859      char *err_msg = NULL;
2860      (void)libssh2_session_last_error(sshc->ssh_session,
2861                                       &err_msg, NULL, 0);
2862      infof(data, "Channel failed to close: %d %s",
2863            rc, err_msg);
2864    }
2865  }
2866  myssh_to(data, sshc, SSH_SCP_CHANNEL_FREE);
2867  return CURLE_OK;
2868}
2869
2870static CURLcode ssh_state_scp_channel_free(
2871  struct Curl_easy *data,
2872  struct ssh_conn *sshc)
2873{
2874  if(sshc->ssh_channel) {
2875    int rc = libssh2_channel_free(sshc->ssh_channel);
2876    if(rc == LIBSSH2_ERROR_EAGAIN)
2877      return CURLE_AGAIN;
2878    if(rc < 0) {
2879      char *err_msg = NULL;
2880      (void)libssh2_session_last_error(sshc->ssh_session,
2881                                       &err_msg, NULL, 0);
2882      infof(data,
2883            "Failed to free libssh2 scp subsystem: %d %s",
2884            rc, err_msg);
2885    }
2886    sshc->ssh_channel = NULL;
2887  }
2888  CURL_TRC_SSH(data, "SCP DONE phase complete");
2889  myssh_to(data, sshc, SSH_STOP);
2890  return CURLE_OK;
2891}
2892
2893static CURLcode ssh_state_session_free(struct Curl_easy *data,
2894                                       struct ssh_conn *sshc)
2895{
2896  CURLcode result = sshc_cleanup(sshc, data, FALSE);
2897  struct connectdata *conn = data->conn;
2898  if(result)
2899    return result;
2900  memset(sshc, 0, sizeof(struct ssh_conn));
2901  connclose(conn, "SSH session free");
2902  sshc->state = SSH_SESSION_FREE; /* current */
2903  myssh_to(data, sshc, SSH_STOP);
2904  return CURLE_OK;
2905}
2906
2907/*
2908 * ssh_statemachine() runs the SSH state machine as far as it can without
2909 * blocking and without reaching the end. The data the pointer 'block' points
2910 * to is set to TRUE if the libssh2 function returns LIBSSH2_ERROR_EAGAIN
2911 * meaning it wants to be called again when the socket is ready
2912 */
2913static CURLcode ssh_statemachine(struct Curl_easy *data,
2914                                 struct ssh_conn *sshc,
2915                                 struct SSHPROTO *sshp,
2916                                 bool *block)
2917{
2918  CURLcode result = CURLE_OK;
2919  *block = 0; /* we are not blocking by default */
2920
2921  do {
2922    switch(sshc->state) {
2923    case SSH_INIT:
2924      result = ssh_state_init(data, sshc);
2925      if(result)
2926        break;
2927      FALLTHROUGH();
2928
2929    case SSH_S_STARTUP:
2930      result = ssh_state_startup(data, sshc);
2931      if(result)
2932        break;
2933      FALLTHROUGH();
2934
2935    case SSH_HOSTKEY:
2936      result = ssh_state_hostkey(data, sshc);
2937      break;
2938
2939    case SSH_AUTHLIST:
2940      result = ssh_state_authlist(data, sshc);
2941      break;
2942
2943    case SSH_AUTH_PKEY_INIT:
2944      result = ssh_state_pkey_init(data, sshc);
2945      break;
2946
2947    case SSH_AUTH_PKEY:
2948      result = ssh_state_auth_pkey(data, sshc);
2949      break;
2950
2951    case SSH_AUTH_PASS_INIT:
2952      result = ssh_state_auth_pass_init(data, sshc);
2953      break;
2954
2955    case SSH_AUTH_PASS:
2956      result = ssh_state_auth_pass(data, sshc);
2957      break;
2958
2959    case SSH_AUTH_HOST_INIT:
2960      result = ssh_state_auth_host_init(data, sshc);
2961      break;
2962
2963    case SSH_AUTH_HOST:
2964      myssh_to(data, sshc, SSH_AUTH_AGENT_INIT);
2965      break;
2966
2967    case SSH_AUTH_AGENT_INIT:
2968      result = ssh_state_auth_agent_init(data, sshc);
2969      break;
2970
2971    case SSH_AUTH_AGENT_LIST:
2972      result = ssh_state_auth_agent_list(data, sshc);
2973      break;
2974
2975    case SSH_AUTH_AGENT:
2976      result = ssh_state_auth_agent(data, sshc);
2977      break;
2978
2979    case SSH_AUTH_KEY_INIT:
2980      result = ssh_state_auth_key_init(data, sshc);
2981      break;
2982
2983    case SSH_AUTH_KEY:
2984      result = ssh_state_auth_key(data, sshc);
2985      break;
2986
2987    case SSH_AUTH_DONE:
2988      result = ssh_state_auth_done(data, sshc);
2989      break;
2990
2991    case SSH_SFTP_INIT:
2992      result = ssh_state_sftp_init(data, sshc);
2993      break;
2994
2995    case SSH_SFTP_REALPATH:
2996      result = ssh_state_sftp_realpath(data, sshc, sshp);
2997      break;
2998
2999    case SSH_SFTP_QUOTE_INIT:
3000      result = ssh_state_sftp_quote_init(data, sshc, sshp);
3001      break;
3002
3003    case SSH_SFTP_POSTQUOTE_INIT:
3004      result = ssh_state_sftp_postquote_init(data, sshc);
3005      break;
3006
3007    case SSH_SFTP_QUOTE:
3008      result = ssh_state_sftp_quote(data, sshc, sshp);
3009      break;
3010
3011    case SSH_SFTP_NEXT_QUOTE:
3012      result = ssh_state_sftp_next_quote(data, sshc);
3013      break;
3014
3015    case SSH_SFTP_QUOTE_STAT:
3016      result = ssh_state_sftp_quote_stat(data, sshc, sshp, block);
3017      break;
3018
3019    case SSH_SFTP_QUOTE_SETSTAT:
3020      result = ssh_state_sftp_quote_setstat(data, sshc, sshp);
3021      break;
3022
3023    case SSH_SFTP_QUOTE_SYMLINK:
3024      result = ssh_state_sftp_quote_symlink(data, sshc);
3025      break;
3026
3027    case SSH_SFTP_QUOTE_MKDIR:
3028      result = ssh_state_sftp_quote_mkdir(data, sshc);
3029      break;
3030
3031    case SSH_SFTP_QUOTE_RENAME:
3032      result = ssh_state_sftp_quote_rename(data, sshc);
3033      break;
3034
3035    case SSH_SFTP_QUOTE_RMDIR:
3036      result = ssh_state_sftp_quote_rmdir(data, sshc);
3037      break;
3038
3039    case SSH_SFTP_QUOTE_UNLINK:
3040      result = ssh_state_sftp_quote_unlink(data, sshc);
3041      break;
3042
3043    case SSH_SFTP_QUOTE_STATVFS:
3044      result = ssh_state_sftp_quote_statvfs(data, sshc);
3045      break;
3046
3047    case SSH_SFTP_GETINFO:
3048      result = ssh_state_sftp_getinfo(data, sshc);
3049      break;
3050
3051    case SSH_SFTP_FILETIME:
3052      result = ssh_state_sftp_filetime(data, sshc, sshp);
3053      break;
3054
3055    case SSH_SFTP_TRANS_INIT:
3056      result = ssh_state_sftp_trans_init(data, sshc, sshp);
3057      break;
3058
3059    case SSH_SFTP_UPLOAD_INIT:
3060      result = ssh_state_sftp_upload_init(data, sshc, sshp, block);
3061      break;
3062
3063    case SSH_SFTP_CREATE_DIRS_INIT:
3064      result = ssh_state_sftp_create_dirs_init(data, sshc, sshp);
3065      break;
3066
3067    case SSH_SFTP_CREATE_DIRS:
3068      result = ssh_state_sftp_create_dirs(data, sshc, sshp);
3069      break;
3070
3071    case SSH_SFTP_CREATE_DIRS_MKDIR:
3072      result = ssh_state_sftp_create_dirs_mkdir(data, sshc, sshp);
3073      break;
3074
3075    case SSH_SFTP_READDIR_INIT:
3076      result = ssh_state_sftp_readdir_init(data, sshc, sshp);
3077      break;
3078
3079    case SSH_SFTP_READDIR:
3080      result = ssh_state_sftp_readdir(data, sshc, sshp, block);
3081      break;
3082
3083    case SSH_SFTP_READDIR_LINK:
3084      result = ssh_state_sftp_readdir_link(data, sshc, sshp);
3085      break;
3086
3087    case SSH_SFTP_READDIR_BOTTOM:
3088      result = ssh_state_sftp_readdir_bottom(data, sshc, sshp);
3089      break;
3090
3091    case SSH_SFTP_READDIR_DONE:
3092      result = ssh_state_sftp_readdir_done(data, sshc);
3093      break;
3094
3095    case SSH_SFTP_DOWNLOAD_INIT:
3096      result = ssh_state_sftp_download_init(data, sshc, sshp);
3097      break;
3098
3099    case SSH_SFTP_DOWNLOAD_STAT:
3100      result = ssh_state_sftp_download_stat(data, sshc, sshp, block);
3101      break;
3102
3103    case SSH_SFTP_CLOSE:
3104      result = ssh_state_sftp_close(data, sshc, sshp);
3105      break;
3106
3107    case SSH_SFTP_SHUTDOWN:
3108      result = ssh_state_sftp_shutdown(data, sshc);
3109      break;
3110
3111    case SSH_SCP_TRANS_INIT:
3112      result = ssh_state_scp_trans_init(data, sshc, sshp);
3113      break;
3114
3115    case SSH_SCP_UPLOAD_INIT:
3116      result = ssh_state_scp_upload_init(data, sshc, sshp);
3117      break;
3118
3119    case SSH_SCP_DOWNLOAD_INIT:
3120      result = ssh_state_scp_download_init(data, sshc, sshp);
3121      break;
3122
3123    case SSH_SCP_DONE:
3124      result = ssh_state_scp_done(data, sshc);
3125      break;
3126
3127    case SSH_SCP_SEND_EOF:
3128      result = ssh_state_scp_send_eof(data, sshc);
3129      break;
3130
3131    case SSH_SCP_WAIT_EOF:
3132      result = ssh_state_scp_wait_eof(data, sshc);
3133      break;
3134
3135    case SSH_SCP_WAIT_CLOSE:
3136      result = ssh_state_scp_wait_close(data, sshc);
3137      break;
3138
3139    case SSH_SCP_CHANNEL_FREE:
3140      result = ssh_state_scp_channel_free(data, sshc);
3141      break;
3142
3143    case SSH_SESSION_DISCONNECT:
3144      result = ssh_state_session_disconnect(data, sshc);
3145      break;
3146
3147    case SSH_SESSION_FREE:
3148      result = ssh_state_session_free(data, sshc);
3149      break;
3150
3151    case SSH_QUIT:
3152    default:
3153      /* internal error */
3154      myssh_to(data, sshc, SSH_STOP);
3155      break;
3156    }
3157
3158  } while(!result && (sshc->state != SSH_STOP) && !*block);
3159
3160  if(result == CURLE_AGAIN) {
3161    /* we would block, we need to wait for the socket to be ready (in the
3162       right direction too)! */
3163    *block = TRUE;
3164    result = CURLE_OK;
3165  }
3166  CURL_TRC_SSH(data, "[%s] statemachine() -> %d, block=%d",
3167               Curl_ssh_statename(sshc->state), result, *block);
3168
3169  return result;
3170}
3171
3172/* called by the multi interface to figure out what socket(s) to wait for and
3173   for what actions in the DO_DONE, PERFORM and WAITPERFORM states */
3174static CURLcode ssh_pollset(struct Curl_easy *data,
3175                            struct easy_pollset *ps)
3176{
3177  struct connectdata *conn = data->conn;
3178  struct ssh_conn *sshc = Curl_conn_meta_get(conn, CURL_META_SSH_CONN);
3179  curl_socket_t sock = conn->sock[FIRSTSOCKET];
3180  int waitfor;
3181
3182  if(!sshc || (sock == CURL_SOCKET_BAD))
3183    return CURLE_FAILED_INIT;
3184
3185  waitfor = sshc->waitfor ? sshc->waitfor : data->req.io_flags;
3186  if(waitfor) {
3187    int flags = 0;
3188    if(waitfor & REQ_IO_RECV)
3189      flags |= CURL_POLL_IN;
3190    if(waitfor & REQ_IO_SEND)
3191      flags |= CURL_POLL_OUT;
3192    DEBUGASSERT(flags);
3193    CURL_TRC_SSH(data, "pollset, flags=%x", flags);
3194    return Curl_pollset_change(data, ps, sock, flags, 0);
3195  }
3196  /* While we still have a session, we listen incoming data. */
3197  if(sshc->ssh_session)
3198    return Curl_pollset_change(data, ps, sock, CURL_POLL_IN, 0);
3199  return CURLE_OK;
3200}
3201
3202/*
3203 * When one of the libssh2 functions has returned LIBSSH2_ERROR_EAGAIN this
3204 * function is used to figure out in what direction and stores this info so
3205 * that the multi interface can take advantage of it. Make sure to call this
3206 * function in all cases so that when it _does not_ return EAGAIN we can
3207 * restore the default wait bits.
3208 */
3209static void ssh_block2waitfor(struct Curl_easy *data,
3210                              struct ssh_conn *sshc,
3211                              bool block)
3212{
3213  int dir = 0;
3214  (void)data;
3215  if(block) {
3216    dir = libssh2_session_block_directions(sshc->ssh_session);
3217    if(dir) {
3218      /* translate the libssh2 define bits into our own bit defines */
3219      sshc->waitfor =
3220        ((dir & LIBSSH2_SESSION_BLOCK_INBOUND) ? REQ_IO_RECV : 0) |
3221        ((dir & LIBSSH2_SESSION_BLOCK_OUTBOUND) ? REQ_IO_SEND : 0);
3222    }
3223  }
3224  if(!dir)
3225    sshc->waitfor = 0;
3226}
3227
3228/* called repeatedly until done from multi.c */
3229static CURLcode ssh_multi_statemach(struct Curl_easy *data, bool *done)
3230{
3231  struct connectdata *conn = data->conn;
3232  struct ssh_conn *sshc = Curl_conn_meta_get(conn, CURL_META_SSH_CONN);
3233  struct SSHPROTO *sshp = Curl_meta_get(data, CURL_META_SSH_EASY);
3234  CURLcode result = CURLE_OK;
3235  bool block; /* we store the status and use that to provide a ssh_pollset()
3236                 implementation */
3237  if(!sshc || !sshp)
3238    return CURLE_FAILED_INIT;
3239
3240  do {
3241    result = ssh_statemachine(data, sshc, sshp, &block);
3242    *done = (sshc->state == SSH_STOP);
3243    /* if there is no error, it is not done and it did not EWOULDBLOCK, then
3244       try again */
3245  } while(!result && !*done && !block);
3246  ssh_block2waitfor(data, sshc, block);
3247
3248  return result;
3249}
3250
3251static CURLcode ssh_block_statemach(struct Curl_easy *data,
3252                                    struct ssh_conn *sshc,
3253                                    struct SSHPROTO *sshp,
3254                                    bool disconnect)
3255{
3256  CURLcode result = CURLE_OK;
3257  struct curltime start = *Curl_pgrs_now(data);
3258
3259  while((sshc->state != SSH_STOP) && !result) {
3260    bool block;
3261    timediff_t left_ms = 1000;
3262
3263    result = ssh_statemachine(data, sshc, sshp, &block);
3264    if(result)
3265      break;
3266
3267    if(!disconnect) {
3268      result = Curl_pgrsCheck(data);
3269      if(result)
3270        break;
3271
3272      left_ms = Curl_timeleft_ms(data);
3273      if(left_ms < 0) {
3274        failf(data, "Operation timed out");
3275        return CURLE_OPERATION_TIMEDOUT;
3276      }
3277    }
3278    else if(curlx_ptimediff_ms(Curl_pgrs_now(data), &start) > 1000) {
3279      /* disconnect timeout */
3280      failf(data, "Disconnect timed out");
3281      result = CURLE_OK;
3282      break;
3283    }
3284
3285    if(block) {
3286      int dir = libssh2_session_block_directions(sshc->ssh_session);
3287      curl_socket_t sock = data->conn->sock[FIRSTSOCKET];
3288      curl_socket_t fd_read = CURL_SOCKET_BAD;
3289      curl_socket_t fd_write = CURL_SOCKET_BAD;
3290      if(LIBSSH2_SESSION_BLOCK_INBOUND & dir)
3291        fd_read = sock;
3292      if(LIBSSH2_SESSION_BLOCK_OUTBOUND & dir)
3293        fd_write = sock;
3294      /* wait for the socket to become ready */
3295      (void)Curl_socket_check(fd_read, CURL_SOCKET_BAD, fd_write,
3296                              left_ms > 1000 ? 1000 : left_ms);
3297    }
3298  }
3299
3300  return result;
3301}
3302
3303static void myssh_easy_dtor(void *key, size_t klen, void *entry)
3304{
3305  struct SSHPROTO *sshp = entry;
3306  (void)key;
3307  (void)klen;
3308  curlx_safefree(sshp->path);
3309  curlx_dyn_free(&sshp->readdir);
3310  curlx_dyn_free(&sshp->readdir_link);
3311  curlx_free(sshp);
3312}
3313
3314static void myssh_conn_dtor(void *key, size_t klen, void *entry)
3315{
3316  struct ssh_conn *sshc = entry;
3317  (void)key;
3318  (void)klen;
3319  sshc_cleanup(sshc, NULL, TRUE);
3320  curlx_free(sshc);
3321}
3322
3323/*
3324 * SSH setup and connection
3325 */
3326static CURLcode ssh_setup_connection(struct Curl_easy *data,
3327                                     struct connectdata *conn)
3328{
3329  struct ssh_conn *sshc;
3330  struct SSHPROTO *sshp;
3331  (void)conn;
3332
3333  sshc = curlx_calloc(1, sizeof(*sshc));
3334  if(!sshc)
3335    return CURLE_OUT_OF_MEMORY;
3336
3337  if(Curl_conn_meta_set(conn, CURL_META_SSH_CONN, sshc, myssh_conn_dtor))
3338    return CURLE_OUT_OF_MEMORY;
3339
3340  sshp = curlx_calloc(1, sizeof(*sshp));
3341  if(!sshp)
3342    return CURLE_OUT_OF_MEMORY;
3343
3344  curlx_dyn_init(&sshp->readdir, CURL_PATH_MAX * 2);
3345  curlx_dyn_init(&sshp->readdir_link, CURL_PATH_MAX);
3346  if(Curl_meta_set(data, CURL_META_SSH_EASY, sshp, myssh_easy_dtor))
3347    return CURLE_OUT_OF_MEMORY;
3348
3349  return CURLE_OK;
3350}
3351
3352static Curl_recv scp_recv, sftp_recv;
3353static Curl_send scp_send, sftp_send;
3354
3355#ifndef CURL_DISABLE_PROXY
3356static ssize_t ssh_tls_recv(libssh2_socket_t sock, void *buffer,
3357                            size_t length, int flags, void **abstract)
3358{
3359  struct Curl_easy *data = (struct Curl_easy *)*abstract;
3360  int sockindex = Curl_conn_sockindex(data, sock);
3361  size_t nread;
3362  CURLcode result;
3363  struct connectdata *conn = data->conn;
3364  Curl_recv *backup = conn->recv[sockindex];
3365  struct ssh_conn *sshc = Curl_conn_meta_get(conn, CURL_META_SSH_CONN);
3366  (void)flags;
3367
3368  if(!sshc)
3369    return -1;
3370
3371  /* swap in the TLS reader function for this call only, and then swap back
3372     the SSH one again */
3373  conn->recv[sockindex] = sshc->tls_recv;
3374  result = Curl_conn_recv(data, sockindex, buffer, length, &nread);
3375  conn->recv[sockindex] = backup;
3376  if(result == CURLE_AGAIN)
3377    return -EAGAIN; /* magic return code for libssh2 */
3378  else if(result)
3379    return -1; /* generic error */
3380  Curl_debug(data, CURLINFO_DATA_IN, (const char *)buffer, nread);
3381  return (ssize_t)nread;
3382}
3383
3384static ssize_t ssh_tls_send(libssh2_socket_t sock, const void *buffer,
3385                            size_t length, int flags, void **abstract)
3386{
3387  struct Curl_easy *data = (struct Curl_easy *)*abstract;
3388  int sockindex = Curl_conn_sockindex(data, sock);
3389  size_t nwrite;
3390  CURLcode result;
3391  struct connectdata *conn = data->conn;
3392  Curl_send *backup = conn->send[sockindex];
3393  struct ssh_conn *sshc = Curl_conn_meta_get(conn, CURL_META_SSH_CONN);
3394  (void)flags;
3395
3396  if(!sshc)
3397    return -1;
3398
3399  /* swap in the TLS writer function for this call only, and then swap back
3400     the SSH one again */
3401  conn->send[sockindex] = sshc->tls_send;
3402  result = Curl_conn_send(data, sockindex, buffer, length, FALSE, &nwrite);
3403  conn->send[sockindex] = backup;
3404  if(result == CURLE_AGAIN)
3405    return -EAGAIN; /* magic return code for libssh2 */
3406  else if(result)
3407    return -1; /* error */
3408  Curl_debug(data, CURLINFO_DATA_OUT, (const char *)buffer, nwrite);
3409  return (ssize_t)nwrite;
3410}
3411#endif
3412
3413/*
3414 * Curl_ssh_connect() gets called from Curl_protocol_connect() to allow us to
3415 * do protocol-specific actions at connect-time.
3416 */
3417static CURLcode ssh_connect(struct Curl_easy *data, bool *done)
3418{
3419#ifdef CURL_LIBSSH2_DEBUG
3420  curl_socket_t sock;
3421#endif
3422  struct connectdata *conn = data->conn;
3423  struct ssh_conn *sshc = Curl_conn_meta_get(conn, CURL_META_SSH_CONN);
3424  CURLcode result;
3425
3426#if LIBSSH2_VERSION_NUM >= 0x010b00
3427  {
3428    const char *crypto_str;
3429    switch(libssh2_crypto_engine()) {
3430    case libssh2_gcrypt:
3431      crypto_str = "libgcrypt";
3432      break;
3433    case libssh2_mbedtls:
3434      crypto_str = "mbedTLS";
3435      break;
3436    case libssh2_openssl:
3437      crypto_str = "openssl compatible";
3438      break;
3439    case libssh2_os400qc3:
3440      crypto_str = "OS400QC3";
3441      break;
3442    case libssh2_wincng:
3443      crypto_str = "WinCNG";
3444      break;
3445    default:
3446      crypto_str = NULL;
3447      break;
3448    }
3449    if(crypto_str)
3450      infof(data, "libssh2 cryptography backend: %s", crypto_str);
3451  }
3452#endif
3453
3454  if(!sshc)
3455    return CURLE_FAILED_INIT;
3456
3457  infof(data, "User: '%s'", Curl_creds_user(conn->creds));
3458#ifdef CURL_LIBSSH2_DEBUG
3459  infof(data, "Password: %s", Curl_creds_passwd(conn->creds));
3460  sock = conn->sock[FIRSTSOCKET];
3461#endif /* CURL_LIBSSH2_DEBUG */
3462
3463  /* libcurl MUST to set custom memory functions so that the kbd_callback
3464     function's memory allocations can be properly freed */
3465  sshc->ssh_session = libssh2_session_init_ex(my_libssh2_malloc,
3466                                              my_libssh2_free,
3467                                              my_libssh2_realloc, data);
3468
3469  if(!sshc->ssh_session) {
3470    failf(data, "Failure initialising ssh session");
3471    return CURLE_FAILED_INIT;
3472  }
3473
3474  /* Set the packet read timeout if the libssh2 version supports it */
3475#if LIBSSH2_VERSION_NUM >= 0x010B00
3476  if(data->set.server_response_timeout > 0) {
3477    libssh2_session_set_read_timeout(sshc->ssh_session,
3478                             (long)(data->set.server_response_timeout / 1000));
3479  }
3480#endif
3481
3482#ifndef CURL_DISABLE_PROXY
3483  if(conn->http_proxy.proxytype == CURLPROXY_HTTPS) {
3484    /*
3485      Setup libssh2 callbacks to make it read/write TLS from the socket.
3486
3487      ssize_t
3488      recvcb(libssh2_socket_t sock, void *buffer, size_t length,
3489      int flags, void **abstract);
3490
3491      ssize_t
3492      sendcb(libssh2_socket_t sock, const void *buffer, size_t length,
3493      int flags, void **abstract);
3494
3495    */
3496#if LIBSSH2_VERSION_NUM >= 0x010b01
3497    infof(data, "Uses HTTPS proxy");
3498#if defined(__clang__) && __clang_major__ >= 16
3499#pragma clang diagnostic push
3500#pragma clang diagnostic ignored "-Wcast-function-type-strict"
3501#endif
3502    libssh2_session_callback_set2(sshc->ssh_session,
3503                                  LIBSSH2_CALLBACK_RECV,
3504                                  (libssh2_cb_generic *)ssh_tls_recv);
3505    libssh2_session_callback_set2(sshc->ssh_session,
3506                                  LIBSSH2_CALLBACK_SEND,
3507                                  (libssh2_cb_generic *)ssh_tls_send);
3508#if defined(__clang__) && __clang_major__ >= 16
3509#pragma clang diagnostic pop
3510#endif
3511#else
3512    /*
3513     * This crazy union dance is here to avoid assigning a void pointer a
3514     * function pointer as it is invalid C. The problem is of course that
3515     * libssh2 has such an API...
3516     */
3517    union receive {
3518      void *recvp;
3519      ssize_t (*recvptr)(libssh2_socket_t, void *, size_t, int, void **);
3520    };
3521    union transfer {
3522      void *sendp;
3523      ssize_t (*sendptr)(libssh2_socket_t, const void *, size_t, int, void **);
3524    };
3525    union receive sshrecv;
3526    union transfer sshsend;
3527
3528    sshrecv.recvptr = ssh_tls_recv;
3529    sshsend.sendptr = ssh_tls_send;
3530
3531    infof(data, "Uses HTTPS proxy");
3532    libssh2_session_callback_set(sshc->ssh_session,
3533                                 LIBSSH2_CALLBACK_RECV, sshrecv.recvp);
3534    libssh2_session_callback_set(sshc->ssh_session,
3535                                 LIBSSH2_CALLBACK_SEND, sshsend.sendp);
3536#endif
3537
3538    /* Store the underlying TLS recv/send function pointers to be used when
3539       reading from the proxy */
3540    sshc->tls_recv = conn->recv[FIRSTSOCKET];
3541    sshc->tls_send = conn->send[FIRSTSOCKET];
3542  }
3543
3544#endif /* CURL_DISABLE_PROXY */
3545  if(conn->scheme->protocol & CURLPROTO_SCP) {
3546    conn->recv[FIRSTSOCKET] = scp_recv;
3547    conn->send[FIRSTSOCKET] = scp_send;
3548  }
3549  else {
3550    conn->recv[FIRSTSOCKET] = sftp_recv;
3551    conn->send[FIRSTSOCKET] = sftp_send;
3552  }
3553
3554  if(data->set.ssh_compression &&
3555     libssh2_session_flag(sshc->ssh_session, LIBSSH2_FLAG_COMPRESS, 1) < 0) {
3556    infof(data, "Failed to enable compression for ssh session");
3557  }
3558
3559  if(data->set.str[STRING_SSH_KNOWNHOSTS]) {
3560    int rc;
3561    sshc->kh = libssh2_knownhost_init(sshc->ssh_session);
3562    if(!sshc->kh) {
3563      libssh2_session_free(sshc->ssh_session);
3564      sshc->ssh_session = NULL;
3565      return CURLE_FAILED_INIT;
3566    }
3567
3568    /* read all known hosts from there */
3569    rc = libssh2_knownhost_readfile(sshc->kh,
3570                                    data->set.str[STRING_SSH_KNOWNHOSTS],
3571                                    LIBSSH2_KNOWNHOST_FILE_OPENSSH);
3572    if(rc < 0)
3573      infof(data, "Failed to read known hosts from %s",
3574            data->set.str[STRING_SSH_KNOWNHOSTS]);
3575  }
3576
3577#ifdef CURL_LIBSSH2_DEBUG
3578  libssh2_trace(sshc->ssh_session, ~0);
3579  infof(data, "SSH socket: %d", (int)sock);
3580#endif /* CURL_LIBSSH2_DEBUG */
3581
3582  myssh_to(data, sshc, SSH_INIT);
3583
3584  result = ssh_multi_statemach(data, done);
3585
3586  return result;
3587}
3588
3589/*
3590 ***********************************************************************
3591 *
3592 * scp_perform()
3593 *
3594 * This is the actual DO function for SCP. Get a file according to
3595 * the options previously setup.
3596 */
3597
3598static CURLcode scp_perform(struct Curl_easy *data,
3599                            bool *connected,
3600                            bool *dophase_done)
3601{
3602  struct ssh_conn *sshc = Curl_conn_meta_get(data->conn, CURL_META_SSH_CONN);
3603  CURLcode result = CURLE_OK;
3604
3605  CURL_TRC_SSH(data, "DO phase starts");
3606
3607  *dophase_done = FALSE; /* not done yet */
3608  if(!sshc)
3609    return CURLE_FAILED_INIT;
3610
3611  /* start the first command in the DO phase */
3612  myssh_to(data, sshc, SSH_SCP_TRANS_INIT);
3613
3614  /* run the state-machine */
3615  result = ssh_multi_statemach(data, dophase_done);
3616
3617  *connected = Curl_conn_is_connected(data->conn, FIRSTSOCKET);
3618
3619  if(*dophase_done) {
3620    CURL_TRC_SSH(data, "DO phase is complete");
3621  }
3622
3623  return result;
3624}
3625
3626/* called from multi.c while DOing */
3627static CURLcode scp_doing(struct Curl_easy *data,
3628                          bool *dophase_done)
3629{
3630  CURLcode result;
3631  result = ssh_multi_statemach(data, dophase_done);
3632
3633  if(*dophase_done) {
3634    CURL_TRC_SSH(data, "DO phase is complete");
3635  }
3636  return result;
3637}
3638
3639/* BLOCKING, but the function is using the state machine so the only reason
3640   this is still blocking is that the multi interface code has no support for
3641   disconnecting operations that takes a while */
3642static CURLcode scp_disconnect(struct Curl_easy *data,
3643                               struct connectdata *conn,
3644                               bool dead_connection)
3645{
3646  CURLcode result = CURLE_OK;
3647  struct ssh_conn *sshc = Curl_conn_meta_get(conn, CURL_META_SSH_CONN);
3648  struct SSHPROTO *sshp = Curl_meta_get(data, CURL_META_SSH_EASY);
3649  (void)dead_connection;
3650
3651  if(sshc && sshc->ssh_session) {
3652    /* only if there is a session still around to use! */
3653    myssh_to(data, sshc, SSH_SESSION_DISCONNECT);
3654    result = ssh_block_statemach(data, sshc, sshp, TRUE);
3655  }
3656
3657  if(sshc)
3658    return sshc_cleanup(sshc, data, TRUE);
3659  return result;
3660}
3661
3662/* generic done function for both SCP and SFTP called from their specific
3663   done functions */
3664static CURLcode ssh_done(struct Curl_easy *data, CURLcode status)
3665{
3666  struct ssh_conn *sshc = Curl_conn_meta_get(data->conn, CURL_META_SSH_CONN);
3667  struct SSHPROTO *sshp = Curl_meta_get(data, CURL_META_SSH_EASY);
3668  CURLcode result = CURLE_OK;
3669
3670  if(!sshc || !sshp)
3671    return CURLE_FAILED_INIT;
3672
3673  if(!status)
3674    /* run the state-machine */
3675    result = ssh_block_statemach(data, sshc, sshp, FALSE);
3676  else
3677    result = status;
3678
3679  if(Curl_pgrsDone(data))
3680    return CURLE_ABORTED_BY_CALLBACK;
3681
3682  CURL_REQ_CLEAR_IO(data);
3683  return result;
3684}
3685
3686static CURLcode scp_done(struct Curl_easy *data, CURLcode status,
3687                         bool premature)
3688{
3689  struct ssh_conn *sshc = Curl_conn_meta_get(data->conn, CURL_META_SSH_CONN);
3690  (void)premature;
3691
3692  if(sshc && !status)
3693    myssh_to(data, sshc, SSH_SCP_DONE);
3694
3695  return ssh_done(data, status);
3696}
3697
3698static CURLcode scp_send(struct Curl_easy *data, int sockindex,
3699                         const uint8_t *mem, size_t len, bool eos,
3700                         size_t *pnwritten)
3701{
3702  struct connectdata *conn = data->conn;
3703  struct ssh_conn *sshc = Curl_conn_meta_get(conn, CURL_META_SSH_CONN);
3704  CURLcode result = CURLE_OK;
3705  ssize_t nwritten;
3706
3707  (void)sockindex; /* we only support SCP on the fixed known primary socket */
3708  (void)eos;
3709  *pnwritten = 0;
3710
3711  if(!sshc)
3712    return CURLE_FAILED_INIT;
3713
3714  /* libssh2_channel_write() returns int! */
3715  nwritten = (ssize_t)libssh2_channel_write(sshc->ssh_channel,
3716                                            (const char *)mem, len);
3717
3718  ssh_block2waitfor(data, sshc, (nwritten == LIBSSH2_ERROR_EAGAIN));
3719
3720  if(nwritten == LIBSSH2_ERROR_EAGAIN)
3721    result = CURLE_AGAIN;
3722  else if(nwritten < LIBSSH2_ERROR_NONE)
3723    result = libssh2_session_error_to_CURLE((int)nwritten);
3724  else
3725    *pnwritten = (size_t)nwritten;
3726
3727  return result;
3728}
3729
3730static CURLcode scp_recv(struct Curl_easy *data, int sockindex,
3731                         char *mem, size_t len, size_t *pnread)
3732{
3733  struct connectdata *conn = data->conn;
3734  struct ssh_conn *sshc = Curl_conn_meta_get(conn, CURL_META_SSH_CONN);
3735  CURLcode result = CURLE_OK;
3736  ssize_t nread;
3737
3738  (void)sockindex; /* we only support SCP on the fixed known primary socket */
3739  *pnread = 0;
3740
3741  if(!sshc)
3742    return CURLE_FAILED_INIT;
3743
3744  /* libssh2_channel_read() returns int */
3745  nread = (ssize_t)libssh2_channel_read(sshc->ssh_channel, mem, len);
3746
3747  ssh_block2waitfor(data, sshc, (nread == LIBSSH2_ERROR_EAGAIN));
3748  if(nread == LIBSSH2_ERROR_EAGAIN)
3749    return CURLE_AGAIN;
3750  else if(nread < LIBSSH2_ERROR_NONE)
3751    result = libssh2_session_error_to_CURLE((int)nread);
3752  else
3753    *pnread = (size_t)nread;
3754
3755  return result;
3756}
3757
3758/*
3759 * =============== SFTP ===============
3760 */
3761
3762/*
3763 ***********************************************************************
3764 *
3765 * sftp_perform()
3766 *
3767 * This is the actual DO function for SFTP. Get a file/directory according to
3768 * the options previously setup.
3769 */
3770
3771static CURLcode sftp_perform(struct Curl_easy *data,
3772                             bool *connected,
3773                             bool *dophase_done)
3774{
3775  struct ssh_conn *sshc = Curl_conn_meta_get(data->conn, CURL_META_SSH_CONN);
3776  CURLcode result = CURLE_OK;
3777
3778  CURL_TRC_SSH(data, "DO phase starts");
3779
3780  *dophase_done = FALSE; /* not done yet */
3781  if(!sshc)
3782    return CURLE_FAILED_INIT;
3783
3784  /* start the first command in the DO phase */
3785  myssh_to(data, sshc, SSH_SFTP_QUOTE_INIT);
3786
3787  /* run the state-machine */
3788  result = ssh_multi_statemach(data, dophase_done);
3789
3790  *connected = Curl_conn_is_connected(data->conn, FIRSTSOCKET);
3791
3792  if(*dophase_done) {
3793    CURL_TRC_SSH(data, "DO phase is complete");
3794  }
3795
3796  return result;
3797}
3798
3799/* called from multi.c while DOing */
3800static CURLcode sftp_doing(struct Curl_easy *data,
3801                           bool *dophase_done)
3802{
3803  CURLcode result = ssh_multi_statemach(data, dophase_done);
3804
3805  if(*dophase_done) {
3806    CURL_TRC_SSH(data, "DO phase is complete");
3807  }
3808  return result;
3809}
3810
3811/* BLOCKING, but the function is using the state machine so the only reason
3812   this is still blocking is that the multi interface code has no support for
3813   disconnecting operations that takes a while */
3814static CURLcode sftp_disconnect(struct Curl_easy *data,
3815                                struct connectdata *conn, bool dead_connection)
3816{
3817  CURLcode result = CURLE_OK;
3818  struct ssh_conn *sshc = Curl_conn_meta_get(conn, CURL_META_SSH_CONN);
3819  struct SSHPROTO *sshp = Curl_meta_get(data, CURL_META_SSH_EASY);
3820  (void)dead_connection;
3821
3822  if(sshc) {
3823    if(sshc->ssh_session) {
3824      /* only if there is a session still around to use! */
3825      CURL_TRC_SSH(data, "DISCONNECT starts now");
3826      myssh_to(data, sshc, SSH_SFTP_SHUTDOWN);
3827      result = ssh_block_statemach(data, sshc, sshp, TRUE);
3828      CURL_TRC_SSH(data, "DISCONNECT is done -> %d", result);
3829    }
3830    sshc_cleanup(sshc, data, TRUE);
3831  }
3832  return result;
3833}
3834
3835static CURLcode sftp_done(struct Curl_easy *data, CURLcode status,
3836                          bool premature)
3837{
3838  struct connectdata *conn = data->conn;
3839  struct ssh_conn *sshc = Curl_conn_meta_get(conn, CURL_META_SSH_CONN);
3840
3841  if(!sshc)
3842    return CURLE_FAILED_INIT;
3843
3844  if(!status) {
3845    /* Post quote commands are executed after the SFTP_CLOSE state to avoid
3846       errors that could happen due to open file handles during POSTQUOTE
3847       operation */
3848    if(!premature && data->set.postquote && !conn->bits.retry)
3849      sshc->nextstate = SSH_SFTP_POSTQUOTE_INIT;
3850    myssh_to(data, sshc, SSH_SFTP_CLOSE);
3851  }
3852  return ssh_done(data, status);
3853}
3854
3855/* return number of sent bytes */
3856static CURLcode sftp_send(struct Curl_easy *data, int sockindex,
3857                          const uint8_t *mem, size_t len, bool eos,
3858                          size_t *pnwritten)
3859{
3860  struct connectdata *conn = data->conn;
3861  struct ssh_conn *sshc = Curl_conn_meta_get(conn, CURL_META_SSH_CONN);
3862  ssize_t nwrite;
3863
3864  (void)sockindex;
3865  (void)eos;
3866  *pnwritten = 0;
3867
3868  if(!sshc)
3869    return CURLE_FAILED_INIT;
3870
3871  nwrite = libssh2_sftp_write(sshc->sftp_handle, (const char *)mem, len);
3872
3873  ssh_block2waitfor(data, sshc, (nwrite == LIBSSH2_ERROR_EAGAIN));
3874
3875  if(nwrite == LIBSSH2_ERROR_EAGAIN)
3876    return CURLE_AGAIN;
3877  else if(nwrite < LIBSSH2_ERROR_NONE)
3878    return libssh2_session_error_to_CURLE((int)nwrite);
3879  *pnwritten = (size_t)nwrite;
3880  return CURLE_OK;
3881}
3882
3883/*
3884 * Return number of received (decrypted) bytes
3885 * or <0 on error
3886 */
3887static CURLcode sftp_recv(struct Curl_easy *data, int sockindex,
3888                          char *mem, size_t len, size_t *pnread)
3889{
3890  struct connectdata *conn = data->conn;
3891  struct ssh_conn *sshc = Curl_conn_meta_get(conn, CURL_META_SSH_CONN);
3892  ssize_t nread;
3893
3894  (void)sockindex;
3895  *pnread = 0;
3896
3897  if(!sshc)
3898    return CURLE_FAILED_INIT;
3899
3900  nread = libssh2_sftp_read(sshc->sftp_handle, mem, len);
3901
3902  ssh_block2waitfor(data, sshc, (nread == LIBSSH2_ERROR_EAGAIN));
3903
3904  if(nread == LIBSSH2_ERROR_EAGAIN)
3905    return CURLE_AGAIN;
3906  else if(nread < 0)
3907    return libssh2_session_error_to_CURLE((int)nread);
3908
3909  *pnread = (size_t)nread;
3910  return CURLE_OK;
3911}
3912
3913/*
3914 * The DO function is generic for both protocols. There was previously two
3915 * separate ones but this way means less duplicated code.
3916 */
3917static CURLcode ssh_do(struct Curl_easy *data, bool *done)
3918{
3919  CURLcode result;
3920  bool connected = FALSE;
3921  struct connectdata *conn = data->conn;
3922  struct ssh_conn *sshc = Curl_conn_meta_get(conn, CURL_META_SSH_CONN);
3923
3924  *done = FALSE; /* default to false */
3925  if(!sshc)
3926    return CURLE_FAILED_INIT;
3927
3928  data->req.size = -1; /* make sure this is unknown at this point */
3929  sshc->secondCreateDirs = 0;   /* reset the create directory attempt state
3930                                   variable */
3931
3932  Curl_pgrsReset(data);
3933
3934  if(conn->scheme->protocol & CURLPROTO_SCP)
3935    result = scp_perform(data, &connected, done);
3936  else
3937    result = sftp_perform(data, &connected, done);
3938
3939  return result;
3940}
3941
3942CURLcode Curl_ssh_init(void)
3943{
3944  if(libssh2_init(0)) {
3945    DEBUGF(curl_mfprintf(stderr, "Error: libssh2_init failed\n"));
3946    return CURLE_FAILED_INIT;
3947  }
3948  return CURLE_OK;
3949}
3950
3951void Curl_ssh_cleanup(void)
3952{
3953  libssh2_exit();
3954}
3955
3956void Curl_ssh_version(char *buffer, size_t buflen)
3957{
3958  (void)curl_msnprintf(buffer, buflen, "libssh2/%s", libssh2_version(0));
3959}
3960
3961/* The SSH session is associated with the *CONNECTION* but the callback user
3962 * pointer is an easy handle pointer. This function allows us to reassign the
3963 * user pointer to the *CURRENT* (new) easy handle.
3964 */
3965static void ssh_attach(struct Curl_easy *data, struct connectdata *conn)
3966{
3967  DEBUGASSERT(data);
3968  DEBUGASSERT(conn);
3969  if(conn->scheme->protocol & PROTO_FAMILY_SSH) {
3970    struct ssh_conn *sshc = Curl_conn_meta_get(conn, CURL_META_SSH_CONN);
3971    if(sshc && sshc->ssh_session) {
3972      /* only re-attach if the session already exists */
3973      void **abstract = libssh2_session_abstract(sshc->ssh_session);
3974      *abstract = data;
3975    }
3976  }
3977}
3978
3979/*
3980 * SCP protocol handler.
3981 */
3982const struct Curl_protocol Curl_protocol_scp = {
3983  ssh_setup_connection,                 /* setup_connection */
3984  ssh_do,                               /* do_it */
3985  scp_done,                             /* done */
3986  ZERO_NULL,                            /* do_more */
3987  ssh_connect,                          /* connect_it */
3988  ssh_multi_statemach,                  /* connecting */
3989  scp_doing,                            /* doing */
3990  ssh_pollset,                          /* proto_pollset */
3991  ssh_pollset,                          /* doing_pollset */
3992  ZERO_NULL,                            /* domore_pollset */
3993  ssh_pollset,                          /* perform_pollset */
3994  scp_disconnect,                       /* disconnect */
3995  ZERO_NULL,                            /* write_resp */
3996  ZERO_NULL,                            /* write_resp_hd */
3997  ZERO_NULL,                            /* connection_is_dead */
3998  ssh_attach,                           /* attach */
3999  ZERO_NULL,                            /* follow */
4000};
4001
4002/*
4003 * SFTP protocol handler.
4004 */
4005const struct Curl_protocol Curl_protocol_sftp = {
4006  ssh_setup_connection,                 /* setup_connection */
4007  ssh_do,                               /* do_it */
4008  sftp_done,                            /* done */
4009  ZERO_NULL,                            /* do_more */
4010  ssh_connect,                          /* connect_it */
4011  ssh_multi_statemach,                  /* connecting */
4012  sftp_doing,                           /* doing */
4013  ssh_pollset,                          /* proto_pollset */
4014  ssh_pollset,                          /* doing_pollset */
4015  ZERO_NULL,                            /* domore_pollset */
4016  ssh_pollset,                          /* perform_pollset */
4017  sftp_disconnect,                      /* disconnect */
4018  ZERO_NULL,                            /* write_resp */
4019  ZERO_NULL,                            /* write_resp_hd */
4020  ZERO_NULL,                            /* connection_is_dead */
4021  ssh_attach,                           /* attach */
4022  ZERO_NULL,                            /* follow */
4023};
4024
4025#endif /* USE_LIBSSH2 */